Authorization concept of AS ABAP
Analyse and evaluate permissions using SAP Query
In SAP systems you always have the possibility to integrate custom developments. In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects. You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
Here I had to look for a moment at which point for SAP key users and not only for the SAP Basis in the SAP system an authorization is callable and may like to take this as an opportunity to write here in the article a few basics on the "anatomy" of SAP authorizations. To access the SAP system, the first thing you need is an SAP user ID (User). The user maintenance transaction SU01 (or SU01D) can be used to assign roles (from which profiles are derived) in addition to the (initial) password and personal data.
Solution approaches for efficient authorizations
Typically, this includes permissions that can be used to delete change records in the system or electronically erase them. The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.
There are many advantages to using an authorization tool for companies. These include: - Managing authorization requests - Distributing and assigning authorizations - Auditing authorizations - Developing authorizations. With the help of authorization tools, it is possible, for example, to drastically reduce the effort required for role creation and authorization management through concrete assignment of SAP system roles.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In compliance with the minimum principle and the separation of functions, the roles used must be defined, along with specifications for their naming, structure and use.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
To avoid the password being unnecessarily transferred, it is better to initiate the despatch within your central SAPS system.