SAP Authorizations Automatically pre-document user master data - SAP Corner

Direkt zum Seiteninhalt
Automatically pre-document user master data
Set up login locks securely
One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces. In principle, interfaces within a transport landscape should be avoided with regard to the criticality of the systems "uphill", i.e. from an "unsafe" to a "safe" system (e.g. E system to Q or P system). However, this cannot always be implemented; for example, such interfaces are needed within the transportation system. Without going too deeply into the subject, however, critical interfaces can be characterized by the following properties. Critical interfaces refer to a critical system and a critical client, contain an interface user with critical authorizations in the target client, contain its deposited password.

A red symbol will not be used in the eligibility tests in the EEA, as the rating has to be carried out individually for each enterprise. There are also different requirements within the system landscape, e.g. on production or development systems. The EWA is deliberately not customisable, as it is designed to alert customers to SAP-rated settings.
Activity level
In IT systems to which different users have access, the authorizations usually differ. How an authorization concept for SAP systems and the new SAP S/4HANA for Group Reporting can look.

The Security Optimisation Service for ABAP contains more security checks than the corresponding section in the EWA. In particular, the number of eligibility checks is higher. A total of 110 eligibility tests are currently defined in the SOS, including 16 critical eligibility tests for HR. The full list of all security checks in the SOS can be found in the SAP Service Marketplace on the page via Media Library (Security Optimisation Service > ABAP Checks).

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

Typical authorization objects are "P_PERNR", "P_ORGIN", "P_ORGXX", "PLOG" and "P_PLCX".

At you will also find a lot of useful information on the subject of SAP authorizations.

The e-mail creator is the one who ran the application in the context of which the e-mail was created.
SAP Corner
Zurück zum Seiteninhalt