SAP Authorizations Use system recommendations to introduce security

Direkt zum Seiteninhalt
Use system recommendations to introduce security
Generic access to tables
Historically grown authorization structures can be found especially in system landscapes that have been in operation for a long time. Instead of small, modular, job-specific roles, existing roles are continually expanded and assigned to different employees in different departments. While this leads to less administrative work in the short term, it causes the complexity of the role to increase massively over time. As a result, the efficiency of authorization development is increasingly lost.

No external services can be added manually in transaction SU24. To do this, you must turn on a permission trace that takes over. You can enable the permission trace using the auth/authorisation_trace dynamic profile parameter. You can enable this parameter by using the transaction RZ11 (Profile Parameter Maintenance) by entering the value Y as a new value and selecting the Switch to All Servers setting.
Maintain transaction start permissions on call CALL TRANSACTION
After defining the roles and generating the corresponding authorization profiles, the individual persons in the company are then assigned to the roles. In the process, the so-called user comparison takes place and the role-specific authorizations are stored in the user master record. The master record contains all information about an SAP user, including authorizations.

Do you have questions about the SAP authorization concept? Do you want to revise an existing authorization concept or need help assigning SAP authorizations? Our SAP consultants will be happy to support you in all questions regarding the structure and design of SAP authorization concepts. Based on our many years of experience, we have developed best-practice procedures so that we can support you quickly and cost-effectively both with initial implementations and with challenges during ongoing operations. Arrange a no-obligation consultation and take the next step in your digital transformation.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

The website www.sap-corner.de offers many useful information about SAP basis.


Not only transactional processes, but also the display of results from data analyses or static facts should be supported.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


For this purpose, the so-called AUTHORITY-CHECK is used, which queries the required authorization object characteristics and thus only allows authorized users to execute the code.
Zurück zum Seiteninhalt