SAP Authorizations Reset passwords using self service

Direkt zum Seiteninhalt
Reset passwords using self service
Grant permission for external services from SAP CRM
You can find the report RSUSR010 in the User Information System under the entry Transactions > Executable Transactions (all selections). You can run the report for users, roles, profiles, and permissions as described above. We will describe the evaluation for the users below (see figure next page above); for the other selection options, the operation of the report is analogous. The RSUSR010 report identifies all transactions that a user is allowed to start. In the list of executable transactions, you can then double-click on the transaction (for example, PFCG) to view the list of authorization objects and values for that transaction.

You have read that it is possible to perform mass activities, such as mass roll-offs, using standard means. This is all too complicated for you, and you are still looking for simple solutions for role maintenance? I'm sure you'll have a look at tools from SAP partners that promise to help. In this context, we would like to give you some more information in this tip. There is a very practical occasion: We have too often found a "broken" authorisation system with SAP customers, caused by the incorrect application of additional programmes. Sometimes, the role content was misaligned and the suggestion values were not neatly maintained, so at some point the permission administrators couldn't figure out what to do. Therefore, you should check very well whether the tool you are considering is actually suitable for your purposes.
Unclear objectives and lack of definition of own security standards
In the SCC4 transaction, first check whether eCATT is allowed to run. Then start the SECATT transaction. As you get started, you can define and modify test scripts and test configurations. First, create a test script. Think of it as a blueprint or a flow rule for how to create new derived roles. The test script will contain your recording later. Give the script a talking name, such as Z_MASSENGERATION_DERIVATIVES. Then click the Create Object button. You will now go to the Attribute tab, where you specify the general frame data. Then click the Editor tab. Now it goes to the recording, in the eCATT language called patterns. Click the Pattern button and specify that you want to record the PFCG transaction by selecting the UIAncontrol and TCD (Record) settings. The system will propose to call the interface "PFCG_1"; You can simply confirm this. Confirmation of the dialogue will immediately start the recording; They therefore end up in the PFCG transaction. We want to record the creation of a single role derived from a reference role. Complete the appropriate steps in the PFCG transaction and try to avoid unnecessary steps - every step you take will make your recording bigger and less cluttered. Enter the name of the derived role - we can influence it later when playing with eCATT - and specify the role. Now assign the reference role. Note that the PFCG transaction is actually executed, so the role is actually created in the system! Now maintain the permissions and organisation levels. If possible, use organisational level values in the note, which you can find well in other numbers later on, i.e. about 9999 or 1234. After generating and saving the role, you will be returned to eCATT. There you will be asked if you want to accept the data and confirm with Yes.

Optional: S_PATH authorization object: If the test identifies 3 additional permissions checks for individual paths for the S_PATH authorization object, these are checked in the fourth step. The access type and the permission group stored in the SPTH table are checked.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.


Careful preparation is a prerequisite for a successful authorisation check.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


The other fields in the SMEN_BUFFC table describe the structure of the favourites, where the OBJECT_ID field is the unique key of the favourite entry.
Zurück zum Seiteninhalt