SAP Authorizations Use usage data for role definition

Direkt zum Seiteninhalt
Use usage data for role definition
Check and refresh the permission buffer
If you do not want to use reference users, you can hide the Reference User field for additional permissions via a standard variant for the transaction SU01. The necessary steps are described in SAP Note 330067.

HR authorizations are a very critical issue in many companies. On the one hand, HR administrators should be able to perform their tasks - on the other hand, the protection of employees' personal data must be ensured. Any error in the authorization system falls within the remit of a company's data protection officer.
Security Automation for SAP Security Checks
You can influence the default behaviour of various transactions and parameters with the customising switches for the maintenance of Session Manager and Profile Generator as well as the user and permission management. The SSM_CID table gives you an overview of all customising switches supplied by SAP, specifying the relevant tables SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. The short description of the customising switch refers to the relevant and current SAP references. The actual settings can be found in the SSM_CUST, PRGN_CUST and USR_CUST tables.

For a call of transactions from SAP ERP from the SCM system to work, the RFC connection to be called for each ERP transaction must be maintained. To do this, click the More node details button and select the Target system item.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

On www.sap-corner.de you will also find useful information about SAP basis.


The Security Audit Log now also logs events where the runtime was affected by the debugger.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


The role(s) have only the authorization object S_DEVELOP with the field value DEVCLASS "Z*".
Zurück zum Seiteninhalt