RS_ABAP_SOURCE_SCAN
Challenges in authorization management
You would like to revise your authorisation concept and tailor SAP roles only to the productive processes. We show you how to use the statistical usage data from the Workload Monitor for the SAP role definition. One of the biggest effort drivers in redesigning SAP role concepts is the definition of transactional expression of SAP roles. By using the statistical usage data from the workload monitor, you can avoid costly coordination with process managers in the sense of a Green Field Approach. In this way, you can tailor your SAP role concepts to the content of the usage behaviour. The only requirement is that the data be available for a representative period. This is two months in the SAP standard; You can also extend this time period. Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
In addition to SAP book recommendations on SAP authorizations, I can also recommend the books from Espresso Tutorials such as "SAP Authorizations for Users and Beginners" by Andreas Prieß * or also the video tutorial "SAP Authorizations Basics - Techniques and Best Practices for More Security in SAP" by Tobias Harmes. Both are, among other media, also included in the Espresso Tutorials Flatrate, which I have also presented in more detail under SAP Know How.
Create order through role-based permissions
The Security Audit Log (SAL) has ten different filters in the current releases, which control which events are logged. You can configure these filters via the SM19 transaction. The events are categorised as uncritical, serious or critical.
Login with user and password of another application (such as an AD or portal) In this case, the Web application must be able to obtain a unique SAP user ID to the login data. You should choose an application where the user does not easily forget his password.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
On www.sap-corner.de you will also find useful information about SAP basis.
There may be different reasons for this.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
Since the role menu has been adjusted, the PFCG role must now also be adjusted.