SAP Authorizations Copy the user from the Clipboard to the Transaction SU10 selection

Direkt zum Seiteninhalt
Copy the user from the Clipboard to the Transaction SU10 selection
Conclusion and outlook
User master record - Used to log on to the SAP system and grants restricted access to SAP system functions and objects via the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including authorizations. Changes only take effect the next time the user logs on to the system. Users already logged on at the time of the change are not affected by the changes.

The requirements in the third example to filter the Post Journal Display (transaction FAGLL03) can be implemented using the BAdIs FAGL_ITEMS_CH_DATA. Depending on the permissions granted, certain items or documents should be excluded from display. You can see the definition of BAdIs through the SE18 transaction, and in the SE19 transaction you create an implementation of the BAdIs in the Customer Name Room.
Sustainably protect your data treasures with the right authorization management
Since the introduction of the security policy in SAP NetWeaver 7.31, this report has changed. In older releases, instead of the security policy overview, a profile parameter selection page is offered in the report's startup screen. If you select Show Profile Parameters in this selection view, you will see an overview of the Profile Parameters settings in the upper half of the screen. Here you should pay particular attention to the setting of the parameter login/no_ automatic_user_sapstar and check its setting even after the switch to the security policy.

Create a message to be displayed to the user when permissions checks fail. The tests in this User-Exit are relatively free. This allows you to read table entries, store data from the ABAP application's memory, or read data that is already there. However, you are limited by the interface parameters of the application. In our example, these are the BKPF and BSEG structures and the system variables. If the information from the interface parameters is not sufficient for the test, you can use your programming skills and knowledge about the interdependencies of substitution and validation in finance to find additional data. The following coding allows you to identify the selected offset document entries that you can find in the POSTAB table (with the RFOPS structure) in the SAPMF05A programme. This way you can find many additional data. It is important that the supporting programme processes the User-Exits.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


The risk of incorrectly assigned developer authorizations has also increased due to the elimination of additional protection via developer and object keys in S/4 HANA systems (see, among other things, SAP Note 2309060).

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


For a complete list of all security advisories for all SAP solutions (SAP NetWeaver Application Server ABAP and Java, TREX, SAP HANA, Sybase, SAP GUI, etc.), see Security Notes Search on this page.
Zurück zum Seiteninhalt