SAP Authorizations Adjust tax audit read permissions for each fiscal year - SAP Basis

Direkt zum Seiteninhalt
Adjust tax audit read permissions for each fiscal year
Task & functionality of the SAP authorization concept
SAP authorizations control the access options of users in an SAP system, for example to personal data. Managing this access securely is essential for every company. This makes authorization concepts, authorization tools and automated protection of the SAP system all the more important.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

The Security Audit Log now logs the table or view name and the scheduled activity of external table access via RFC connections; a new message type has been defined. You can find this fix and an overview of the required support packages in SAP Note 1539105.
Conclusion
However, it is possible to include the same role in several tasks of different operators within each contract. This increases transparency for you, because all participants can instantly identify which users are editing the role. Before you enable the use of the SCC4 transaction setting for role maintenance, you should release existing role transports to avoid recording conflicts. As a rule, you do not choose the setting depending on your role-care processes; So you have to think very carefully about what the activation will do.

The SU25 transaction lists additional customisation options in addition to upgrade activities. Under the item Adjustment of the permission checks (optional) are the transactions SU24 for the maintenance of the value of the proposal, the transaction AUTH_SWITCH_OBJECTS for the global elimination of the authorization objects as well as the transaction SE97 for the maintenance of transaction startup permissions checks (see Tip 76, "Maintain transaction start permissions when calling CALL TRANSACTION"). In the Manual Adjustment section of selected roles, you can create roles from manually created profiles, generate SAP_NEW (see Tip 64, "Use SAP_NEW correctly"), or generate SAP_APP as roles. In the General maintenance for suggestion values section, the reports SU2X_CHECK_WDY_HEADER for the registration of header data for external services (see tip 38, "Use the SU22 and SU24 transactions correctly") and SU2X_CHECK_CONSISTENCY for the concession test (available via the in SAP Note 16466666446445) 692 named Support Package) of suggestion values for the selected authorization objects.

Authorizations can also be assigned via "Shortcut for SAP systems".

Because previously all password rules for the service user were invalid, and now the rules for the contents of the passwords also apply to the service user (see Tip 5, "Defining User Security Policy" for details on security policy).

A role can contain a large number of authorization objects.
SAP BASIS
Zurück zum Seiteninhalt