Important components in the authorization concept
Full verification of user group permissions when creating the user
First, create an overview of the customising tables currently available in your system. To do this, open the DD02L table and search for tables that start with Y, Z or your specific customer name space. Tables with delivery class C (such as customising, found in column A) are the relevant tables in this context. The descriptive texts to the tables can be found in the table DD02T.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
Check current situation
When considering the security of SAP transport landscapes, it is not only the production system that is relevant for auditing. The other systems, including the development systems, must also be included in the risk considerations. The SAP_ALL profile is still frequently used there instead of concrete roles. This article identifies the main risk areas.
This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure. This ensures the quality of authorizations in the long term. Authorizations in SAP systems enable users to access the applications relevant to their activities. To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Double-click on this icon to open the document.
The evaluation of the licence data via the ZBV with the report RSUSR_SYSINFO_LICENSE provides a result list with the following contents: Contractual User Type - This column contains the actual local user types from the ZBV subsidiary systems.