SAP Authorizations Security in development systems

Direkt zum Seiteninhalt
Security in development systems
Conclusion
Authorization trace - Transaction: STUSOBTRACE - Transaction STUSOBTRACE is used to evaluate the authorization trace in the SAP system. This is a trace that collects authorization data over a longer period of time in several clients and user-independently and stores it in a database (table USOB_AUTHVALTRC).

Once you have identified the organisational features to consider, verify that you can redesign the existing roles so that the organisational features can be clearly maintained by use. This leads you to a concept in which functional and organisational separation is simply possible. However, it will end up with a larger amount of roles: Roles posting/investing, changing roles, reading roles. Such a concept is free of functional separation conflicts and is so granular that the organisational characteristics can be pronounced per use area.
Add external services from SAP CRM to the proposal values
System trace - Transaction: ST01 or STAUTHTRACE - There is also a system trace for an evaluation. Unlike the authorization trace, a system trace is mainly designed for short periods of time. My preferred variant to call the system trace is via the transaction STAUTHTRACE. Here you can filter the evaluation directly and get a better evaluation representation. Over the individual Buttons one can switch directly the Trace on or off and display the result of the Trace.

For users for which no user type has been defined in the ZBV, either the default user type of the subsidiary system or the user type defined by the local measurement programme (transaction USMM) run is reported in the Contractual User Type column. In this case, no value is reported in the Value column in the control centre. If the user type has been defined via a local run of the surveying programme and this type of user is not stored in the ZBV, you should re-import the licence data for this user from the subsidiary system into the ZBV using the transaction SCUG. If there are users in the daughter systems for which the value in the columns of the Contractual User Type and Value in ZBV Central differ, either the IDoc of the ZBV has not yet been processed, or the user type has been changed locally. In these cases, you should check what the differences are and also correct them.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


Double-clicking on a authorization object will direct you to the authorization object definition, and double-clicking on the transaction will direct you to the programme location where the permission check is performed.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


You can sort or filter this list by column.
Zurück zum Seiteninhalt