SAP Authorizations Concept for in-house developments - SAP Corner

Concept for in-house developments
Authorization Analysis
In a local table, find an entry for the user ID that you are creating in the SU01 transaction. For example, such a local table might be an Active Directory replication or a mini personnel master set, or you may have another data source that you replicate to your SAP system. Then, fill in the fields of transaction SU01 with the data from the local table.

In the SAP standard, there is no universally applicable way to automate the mass maintenance of role derivations. We therefore present three possible approaches: 1) Custom development 2) Automated mass maintenance using the Business Role Management (BRM) component from SAP Access Control 3) Use of a pilot note that provides a report for the mass update of organisational values in roles (currently available to selected customers).
Set up permission to access Web Dynpro applications using S_START
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements. This BAdI is called whenever an encrypted e-mail is sent. With such an implementation, you can search at run time for a valid certificate (for example, the one with the longest validity) for the recipient's email address in a source that you define. In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book. For details on the availability of the BAdI, see SAP Note 1835509.

Access to tables and reports should be restricted. A general grant of permissions, such as for the SE16 or SA38 transaction, is not recommended. Instead, parameter or report transactions can help. These transactions allow you to grant permissions only to specific tables or reports. You can maintain secondary authorization objects, such as S_TABU_NAM, in the proposal value maintenance.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

But what if you don't have an identity management system in place? Do you need to type in all of this data? No, you can pre-populate it automatically.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.


In our case, this would be the AGR_1251 table for the role authorization values and the AGR_USERS table for the user assignments in roles.