SAP Authorizations Maintain proposed values using trace evaluations

Maintain proposed values using trace evaluations
Essential authorizations and parameters in the SAP® environment
The focus so far has been on important SAP reports for role and authorization administration. Because these reports, like the entire SAP system, are based on ABAP coding, analyzing the source code is just as important, especially for in-house developments. In-house developments often contain serious security vulnerabilities because their code has insufficient authorization checks. The report RS_ABAP_SOURCE_SCAN can be used to search for explicit strings and to categorize the in-house developments accordingly. With it, the authorization administrator can check existing programs in the backend for specific check patterns, and the relevant developers can correct any errors. Authorization-relevant check patterns for such a scan are, for example, "AUTHORITY-CHECK" or SQL statements such as SELECT, UPDATE or DELETE. The former shows whether authorization checks are present in the source code at all. The check for Open SQL patterns analyzes the code structure for direct SELECT, MODIFY or INSERT statements, which must be avoided or protected on the authorization side. The best practice in this case is to use SAP BAPIs. As a preventive best practice, developers and authorization administrators should be involved equally during the conceptual design of the custom development.
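The pattern scan described above can be reproduced offline on exported source text. The following Python sketch is an added example, not SAP code and not how RS_ABAP_SOURCE_SCAN is implemented; the sample programs, the table zlog and the category names are constructed for illustration.

```python
import re

# Check patterns named in the text above.
AUTH_CHECK = re.compile(r"\bAUTHORITY-CHECK\b", re.IGNORECASE)
# Statement keyword at line start; the lookahead skips SELECT-OPTIONS and similar.
OPEN_SQL = re.compile(r"^\s*(SELECT|UPDATE|DELETE|MODIFY|INSERT)(?![\w-])", re.IGNORECASE)

def code_part(line):
    """Return the line without ABAP comments ('*' in column 1, '"' inline).
    Simplification: a '"' inside a string literal is treated as a comment start."""
    return "" if line.startswith("*") else line.split('"', 1)[0]

def scan(source):
    """Collect pattern hits in one program and categorize it."""
    auth_lines, sql_hits = [], []
    for no, raw in enumerate(source.splitlines(), start=1):
        line = code_part(raw)
        if AUTH_CHECK.search(line):
            auth_lines.append(no)
        m = OPEN_SQL.match(line)
        if m:
            sql_hits.append((no, m.group(1).upper()))
    if not sql_hits:
        category = "no-sql-pattern"
    elif auth_lines:
        category = "sql-with-authority-check"
    else:
        category = "sql-without-authority-check"
    return {"authority_checks": auth_lines, "sql": sql_hits, "category": category}

# Constructed sample programs (not real customer code).
SAMPLES = {
    "ZREPORT_OPEN": """REPORT zreport_open.
SELECT-OPTIONS s_bukrs FOR t001-bukrs.
* AUTHORITY-CHECK OBJECT 'F_BKPF_BUK' is only mentioned in this comment
SELECT * FROM bkpf INTO TABLE lt_bkpf WHERE bukrs IN s_bukrs.
DELETE FROM zlog WHERE erdat < sy-datum. "cleanup
""",
    "ZREPORT_CHECKED": """REPORT zreport_checked.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK' ID 'BUKRS' FIELD p_bukrs ID 'ACTVT' FIELD '03'.
IF sy-subrc <> 0. MESSAGE 'No authorization' TYPE 'E'. ENDIF.
SELECT * FROM bkpf INTO TABLE lt_bkpf WHERE bukrs = p_bukrs.
""",
}

def categorize_all(programs):
    """Map each program name to its category."""
    return {name: scan(src)["category"] for name, src in programs.items()}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, scan(src))
```

Hits are candidates for manual review: DELETE, MODIFY and INSERT also operate on internal tables, and an AUTHORITY-CHECK in the source does not show that its return code is evaluated before the database access.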

A separate programme - a separate permission. What sounds simple requires learning a few steps. Do you want to implement your own permission checks in your own development or extend standard applications with your own permission checks? When implementing customer-specific permissions, a lot needs to be considered. In this tip, we focus on the technical implementation of the authorisation check.
Security within the development system
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.

In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.



A classic example is user data in the Active Directory or the personnel master data in SAP ERP HCM, which are already maintained as part of the employee recruitment process.



If you use the target ID as the search parameter in the CRMC_UI_COMP_IP table, you will get the information about component name, component window, and inbound plug as the search result.