SU21 Maintenance of authorization objects
The results of the tests can be documented so that the development can be considered over a period of time. This way, you will be aware of the revision and of the relevant issues before the examination.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
Time buffers for job chains lead to long runtimes
Verify that the data file was generated. If it was not created, make sure that the [Page 10] Recreate Data File settings in SPAM settings are enabled. For more information, see Note 70752. ADD_TO_BUFFER In this step, the queue is placed in the transport buffer of your system.
This step is of fundamental importance for the SAP basis. It concerns both the inward-looking perception described in the marketing & self-understanding recommendation and the outward-looking perception in the form of a mission and vision.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
If you want to know what steps are being performed for which scenario, run RSSPAM10.
Here the start permissions for the application's OData service in the backend system as well as permission objects are relevant for the business logic of the OData services used in the application.