Authorization object documentation
Authorization Analysis
The permissions on database objects show you the details of the user's permissions to access the object. In the following example, the MODELING role includes permission to use the _SYS_BI object with the EXECUTE, SELECT, INSERT, UPDATE, and DELETE privileges. In addition, a user assigned this role is not allowed to pass these privileges on to other users (Grantable to Others). Our role as an example also includes Analytical Privileges and Package Privileges, which are not discussed here.
Before using the system recommendations, we recommend that you implement the corrections in SAP Notes 1554475 and 1577059. It is also necessary that the systems to be managed are connected to the SAP Solution Manager and that in the transaction SMSY were assigned to a productive system and an SAP solution. Then, in the System Recommendations settings, schedule a background job that collects the relevant information about the attached systems. Relevant information is your release and support package stand, as well as SAP notes and their versions. An OSS connection from the SAP Solution Manager, which you have to set up beforehand, will then perform a calculation in the SAP Global Support Backbone, which will determine the necessary information, i.e., that the SAP Solution Manager itself hardly generates any load from the calculation. To automatically check the security level of your systems, you should also schedule this calculation as a background job.
ICS for business processes in SAP systems
The SAP CO module is the module for classic controlling in a company. Part (the responsible area) of it is the control and analysis of costs. This also includes the control of the cost types and the cost rates that are incurred and posted in the company. Controlling then usually reports directly to the company management. It is supported by the tools from the SAP CO module, which can provide comprehensive evaluations and analyses. SAP CO can be subdivided into several further subareas. These include, for example, CO-PC (Product Cost Accounting), CO-PA (Profitability Analysis) or PCA (Profit Center Accounting).
Users' favourite lists provide valuable information about the transactions they use. With the knowledge of the favourites, you can therefore avoid gaps in your authorisation concept. In the SAP system, each user has the ability to save frequently used functions as their own favourites. In practice, we have found that this feature is very often used by users. If you create a new permission concept, it is useful to include the favourites in the viewing. Because the favourites don't just store used transactions over and over again, but also transactions that users use only occasionally. These occasional transactions could be quickly forgotten when redesigning a eligibility concept. Therefore, we always recommend that you match the transactions you have considered with the favourites stored in your system.
Authorizations can also be assigned via "Shortcut for SAP systems".
Which authorization objects are checked (SU22)? When calling a transaction, such as the ME23N, various authorization objects are checked.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
To do this, use the SUIM_CTRL_CHG_IDX report without selecting a date and check the Reset Index box.