SAP Authorizations Displaying sensitive data

Direkt zum Seiteninhalt
Displaying sensitive data
Standard authorisation
Many companies are currently converting their current SAP systems from an ERP state to an SAP S/4HANA system. Through this conversion, many technical and also organizational components come upon the respective companies. The time factor for determining, organizing and implementing the necessary components should not be underestimated. The area of security is often neglected in thought, but can lead to major problems and possibly image-related damage - and resulting financial losses - in retrospect. For this reason, the implementation of a comprehensive authorization concept should be considered as early as possible in the project phase, as several components are intertwined here.

In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
Conclusion
When accessing tables or views, the S_TABU_DIS authorization object is used to grant permission for a specific table permission group in the permission check. Note in this context also Tip 73 "Use authorization objects for table editing" and the S_TABU_NAM authorization object presented there. You can create table permission groups by using the transaction SE54 or by using the V_TBRG_54 care dialogue. They fall under the customising and can only contain four characters until SAP NetWeaver 7.31 SP 2. To create a table permission group, call the SE54 transaction and select Permissions Groups in the Edit Table/View pane. The Create/Modify button provides an overview of the existing table permission groups. For example, this way you can also change the name of a table permission group. In the Table Rights Group overview, click the New Entries button to create a new table permissions group. Give a name for your permission group and a matching name. After you have saved the new entries, your custom table permission group is created.

User master record - Used to log on to the SAP system and grants restricted access to SAP system functions and objects via the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including authorizations. Changes only take effect the next time the user logs on to the system. Users already logged on at the time of the change are not affected by the changes.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

Some useful tips about SAP basis can be found on www.sap-corner.de.


Since Release 4.6D, the system creates a new folder for each of the roles included in the pulley when rebuilding a Collective Roll menu at the first hierarchy level, and only then the corresponding menu is located.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


This applies to the USR02 and USH02 tables and in more recent releases the USRPWDHISTORY table.
Zurück zum Seiteninhalt