SAP Authorizations User Information System (SUIM)

Direkt zum Seiteninhalt
User Information System (SUIM)
Challenges in authorization management
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.

With more than 28 users, the simple Copy & Paste in the user selection no longer works. However, this does not mean that you have to care for all users individually! It is common for you to make mass changes to users in the SAP system, such as changing role assignments, locking a group of users, or having to adjust their validity dates. Unfortunately, there is no button in the start image of the transaction SU10 that allows users to be pasted from the clipboard. While Copy & Paste allows you to insert users from the clipboard, this feature is limited to the visible area. Therefore, it is not possible to add a list of more than 28 users, which can be very difficult for long lists.
Checking at Program Level with AUTHORITY-CHECK
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.

SOS reports can be very comprehensive. In particular, if the Whitelists are not yet maintained, reporting volumes of up to 200 pages are not uncommon. Do not be discouraged in such a case, but start by cleaning up a manageable amount of critical SOS results. You can then edit the further results in several rounds. The AGS recommends which critical SOS results you should consider first; You can find these in the AGS Security Services Master slide set in the SAP Service Marketplace Media Library.

Authorizations can also be assigned via "Shortcut for SAP systems".

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


The authorizations are combined in an authorization profile that belongs to a role.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.


Depending on the size of the ring buffer and system usage, up to 100 failed permissions checks per user can be displayed for the last three hours.
Zurück zum Seiteninhalt