User and authorization management
Evaluate Permission Traces across Application Servers
The SU25 transaction lists additional customisation options in addition to upgrade activities. Under the item Adjustment of the permission checks (optional) are the transactions SU24 for the maintenance of the value of the proposal, the transaction AUTH_SWITCH_OBJECTS for the global elimination of the authorization objects as well as the transaction SE97 for the maintenance of transaction startup permissions checks (see Tip 76, "Maintain transaction start permissions when calling CALL TRANSACTION"). In the Manual Adjustment section of selected roles, you can create roles from manually created profiles, generate SAP_NEW (see Tip 64, "Use SAP_NEW correctly"), or generate SAP_APP as roles. In the General maintenance for suggestion values section, the reports SU2X_CHECK_WDY_HEADER for the registration of header data for external services (see tip 38, "Use the SU22 and SU24 transactions correctly") and SU2X_CHECK_CONSISTENCY for the concession test (available via the in SAP Note 16466666446445) 692 named Support Package) of suggestion values for the selected authorization objects.
When it comes to preparing for the auditor, it should definitely be checked whether all critical authorizations, as well as the important parameters, have been correctly assigned or set up in SAP®. The specifications for this should all be defined in the authorization concept documented in writing and must also be consistent with this. In this context in particular, however, it is not always easy to check all the essential points using the SAP® standard on-board tools. This is where the experienced auditors at IBS Schreiber GmbH can provide support.
With Managed Services, you receive professional management and improvement of your SAP authorizations. In doing so, we analyze your existing workflows and processes and work out optimization potentials. The implementation of the potentials takes place within a few months. As a basis for central and efficient administration, we implement an underlying tool, working continuously and directly with your SAP key users.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
They have encountered a role that includes manually maintained organisational levels. Even if you correct the error manually in the role by manually deleting the manually maintained value of the organisation levels in the authorization object, the value in question is not drawn from the organisation level. The AGR_RESET_ORG_LEVELS report allows you to reset these values for the role. The manually maintained organisational data will be deleted, and only the values that have been maintained via the Origen button will be drawn.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Running the system trace for permissions gradually for each application server is tedious.
Far more damage, however, can be caused by too extensive authorizations.