SAP Authorizations CONCLUSION

Direkt zum Seiteninhalt
CONCLUSION
Reset passwords using self service
In this case, please note that you may need to replace the SS table permission group with other table permission groups. This is required if you have entered a different table permission group when maintaining the table permission groups, for example, for the T000 table.

Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.
Grant permission for external services from SAP CRM
The specific SAP_NEW authorization object imprints are provided via the SAP_BASIS component. Therefore, an SAP_NEW profile is always bound to a specific base release. Proceed as follows: With the transaction SU02, you remove all old, individual profiles from the SAP_NEW composite profile, including the profile that belongs to the start release of your upgrade. Now assign the reduced SAP_NEW permission profile to all users in the upgrade preparation system, ensuring that all users can work as usual. This step can be omitted if you are following another method to identify missing permissions. Now check all permissions in all remaining profiles within the SAP_NEW summary profile that have a higher release level than the SAP_BASIS upgrade start release. Map all required permissions to all productive roles in your permission concept. You can do this for each intermediate release individually. The next step is to adjust the permissions in your productively used roles in the PFCG transaction, and then remove the corresponding permissions from the SAP_NEW profile using the SU02 transaction. Repeat steps 3 through 4 until the SAP_NEW permission profile is empty. Work in a development system during the role adjustment phase and transport the adjustments made to your eligibility roles to your quality assurance system. After successful acceptance test, you transport them to the production system. Now you can remove the SAP_NEW profile from all users. You can then proceed with role follow-up as part of the release change in the SU25 transaction (see also Tip 43, "Customise Permissions After an Upgrade").

You can find the report RSUSR010 in the User Information System under the entry Transactions > Executable Transactions (all selections). You can run the report for users, roles, profiles, and permissions as described above. We will describe the evaluation for the users below (see figure next page above); for the other selection options, the operation of the report is analogous. The RSUSR010 report identifies all transactions that a user is allowed to start. In the list of executable transactions, you can then double-click on the transaction (for example, PFCG) to view the list of authorization objects and values for that transaction.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

The website www.sap-corner.de offers many useful information about SAP basis.


Therefore, instead of applying this tip, you should preferably clear the permissions of your interface users.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


The system checks direct access to the contents of tables, for example, with transactions SE16, SM30, or SE16N with authorization checks on a table authorization group, object S_TABU_DIS.
Zurück zum Seiteninhalt