SAP Authorizations Maintain generated profile names in complex system landscapes

Direkt zum Seiteninhalt
Maintain generated profile names in complex system landscapes
Correct settings of the essential parameters
The system checks direct access to the contents of tables, for example, with transactions SE16, SM30, or SE16N with authorization checks on a table authorization group, object S_TABU_DIS. If there are no suitable authorizations for the table authorization group, the system checks the name of the table or view, object S_TABU_NAM. When making changes to client-independent tables, the system also checks the authorizations for object S_TABU_CLI. If you have configured line-based authorization checks in Customizing, the system also checks authorization object S_TABU_LIN. Assign tables or views to a table authorization group using transaction SE11 or SE54. You can also define table authorization groups using transaction SE54. If your customer development implements direct access to a table, use the VIEW_AUTHORITY_CHECK function module to perform the authorization check. For more information about generic access to tables, see SAP Note 1434284 Information Published on SAP Site and the online documentation for the authorization objects mentioned above.

For simplicity, we want to explain this example by using the PFCG_TIME_DEPENDENCY background job. This job calls the report RHAUTUPD_NEW or can be executed directly with the transaction PFUD. Imagine that there's no transactional code for this job yet.
Use table editing authorization objects
Programme the necessary checks (for example, for specific data constellations or permissions) in this new feature block. If the tests are not successful, do not show the location to the user, just do not return the export structure. The later display of the data is reduced exactly by this record.

When you start a report with the ABAP statement SUBMIT REPORT, the system checks the authorization object S_PROGRAM, provided that the program has been assigned to a program authorization group in transaction SE38. If this assignment is not sufficient for your system environment, you can define your own group assignment with the report RSCSAUTH. You must check this assignment after installing Support Packages or upgrades and reassign the reports if necessary.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

On www.sap-corner.de you will also find useful information about SAP basis.


To do this, use the customising that you will also find in the transaction SAIS under the button Administration of the audit environment.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left.
Zurück zum Seiteninhalt