SAP Authorizations PRGN_COMPRESS_TIMES

Direkt zum Seiteninhalt
PRGN_COMPRESS_TIMES
View system modifiability settings
The Security Audit Log can also log customer-specific events in restricted way starting with SAP NetWeaver 7.31. The event definitions DUX, DUY and DUZ are reserved for customers and delivered with a dummy expression. For these events, you can then define individually configurable messages using the RSAU_WRITE_CUSTOMER_EVTS function block. To do this, you must first identify the additional necessary events and define their message texts and variables. Note that you may not change the meaning of the message and the arrangement of the variables later, as this would prevent older log files from being readable. Finally, you must include the new message definitions in your filters (transaction SM19). You will find the corrections and an overview of the required support packages in SAP Note 1941526. Since the use of this functionality requires extensive knowledge about the Security Audit Log, it is important that you also consider the recommendations in SAP Note 1941568 and that you can be supported by a basic consultant.

Two other very important settings are the activation of the security audit log and the table logging. Both parameters must be activated in order to ensure traceability at the user level as well as at the table level. It should therefore be checked whether the detailed settings for the security audit log are set up in accordance with the company's specifications and, in any case, whether all users with comprehensive authorizations, such as SAP_ALL, are fully covered by the logging without exception.
Authorization Analysis
A user reports that he or she is receiving a permission error even though you have granted him or her the required permissions. This could be due to a faulty buffering of the permission data. Although a user has been assigned a role with the correct permission data, this user is presented with a permission error due to missing permissions. This may be surprising at first glance, but it can almost always be fixed by a short analysis.

To access business objects or execute SAP transactions, a user needs appropriate authorizations, since business objects or transactions are protected by authorization objects with multiple authorization fields. Authorizations represent instances of generic authorization objects and are defined depending on the employee's activity and responsibilities. The authorizations are combined in an authorization profile (Generated profile), which is assigned to a role. User administrators then assign the appropriate roles (single role or composite role) via the user master record so that the user can use the appropriate transactions for his or her tasks.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.


The findings may not have been accepted by the auditors as the lists were visibly manipulated, even if this manipulation was justified.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


In addition, you can select in the report RSUSR200 whether the users should be valid on the day of selection or not.
Zurück zum Seiteninhalt