SAP Authorization Trace - Simple Overview of Authorizations
Define security policy for users
The SAP standard allows you to evaluate the statistical usage data via a standard function block. The call is made through the transaction SE37. Select here the function block SWNC_GET_WORKLOAD_STATISTIC. The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
SAP customers do not maintain suggested values in this transaction. However, there are cases where data in the SU22 transaction is maintained in a customer environment. If TADIR services or external services are developed by the customer or partner, these services are not available by default in the SU22 transaction or the SU24 transaction. For these services, the header data must first be written to the USOBHASH table, which serves as the basis for maintaining the services. These entries in the USOBHASH table are generated automatically when running TADIR services. Read Tip 41, "Add external services from SAP CRM to the proposal values", for dealing with external services. Once the data in this table is available, you have the option to maintain the proposed values.
View system modifiability settings
In the TPC6 transaction, set the periods to be reviewed. In the example shown in the figure below, a group of auditors from North Rhine-Westphalia would be active for the accounting area or cost accounting area (OrgUnit) 1000. In the 2000 accounting area and the 2000 HR accounting area, a Hessen-based payroll tax auditor group would operate.
There is a special feature for roles if the corresponding SAP system is based on S/4HANA. While under SAP ERP only roles with authorizations for the GUI system were relevant, corresponding business roles are required for the applications under FIORI. In addition to the roles in which authorization objects and authorization values are entered, so-called business roles are also required.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
If one of the tests within a section is indicated in red, the traffic light for that section shall also be set in red.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
The advantage of the audit structures as area menus is that you can use existing area menus or simply create new area menus.