SAP Authorizations Evaluate Permission Traces across Application Servers

Direkt zum Seiteninhalt
Evaluate Permission Traces across Application Servers
Making the RESPAREA responsibility the organisational level
Any deviation from the defined process must be fully documented and justified. This is because it is precisely deviations from the standard case that are of great interest to an auditor, as the auditor must determine whether a deviation could have an impact on the correctness of the data.

If the programme determines that both of the criteria set out in the previous bullet points are met, the criterion of equality shall apply. This means that the proposed values of the permission that is already in place and to be added will come from the same transaction. Thus, the programme does not add a new default permission to the permission tree.
Law-critical authorizations
The More node details area allows you to configure additional settings. For example, by activating the Default Page setting, the selected transaction (in our example MM03) is called first when the parent folder (in our example of the Material Stems folder) is retrieved. The Invisible setting means that the transaction is not visible in the menu, but can be called from a button.

A troublesome scenario you're probably familiar with: You will soon be going live with a new business process and must now derive your roles in 97 accounting circles. Here eCATT can make your life easier. It's time again: If you don't have anyone in your department who likes to press the Copy button for several hours in the PFCG transaction, replace the Derive shortcut, and then customise the Organisation Levels (Origen) in the new roles on the Permissions tab (repeatedly connected to memory), the job will hang on you. Because there is hardly anything more boring, at the latest after one hour the first errors creep in. Whenever you have to roll out new roles, for example for your new premium business, to all your divisions, plants, etc. , the creation of the derived roles is tedious - because SAP does not offer smart mass maintenance. The SAP standard offers various ways to record and play on a massive scale. These tools are generally available for all operations in the SAP system, not just for role maintenance. Therefore, they are also more complex to operate, in order to be able to cover as flexibly as possible all possible application scenarios. eCATT is also no exception, so many users are still afraid to use it. But we can tell you from experience: After the second or third time, the creation of the test scripts is so quick that you'll wonder why you haven't always done it this way.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.


Now, go to the RZ11 transaction, enter the auth/authorisation_trace parameter name in the selection box, and click View.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.


The requirements in the third example to filter the Post Journal Display (transaction FAGLL03) can be implemented using the BAdIs FAGL_ITEMS_CH_DATA.
Zurück zum Seiteninhalt