Equal permissions
Context-dependent authorizations
There are extensive revision requirements for password rules. Learn how to define these requirements globally, which special characters are accepted by the SAP standard, and how to set the parameters for generated passwords. Do you not want to use SAP's standard password creation rules, but rather make your own password requirements for your users? Do you need to implement internal or external security requirements, such as audit requirements? You do not want to allow certain words as passwords, exclude certain special characters or change the formats of passwords generated by the SAP system? In the following we give you an overview of the possible characters, the existing profile parameters and the customising settings for passwords.
Historically grown authorization structures can be found especially in system landscapes that have been in operation for a long time. Instead of small, modular, job-specific roles, existing roles are continually expanded and assigned to different employees in different departments. While this leads to less administrative work in the short term, it causes the complexity of the role to increase massively over time. As a result, the efficiency of authorization development is increasingly lost.
Customise evaluation paths in SAP CRM for indirect role mapping
In addition to SAP book recommendations on SAP authorizations, I can also recommend the books from Espresso Tutorials such as "SAP Authorizations for Users and Beginners" by Andreas Prieß * or also the video tutorial "SAP Authorizations Basics - Techniques and Best Practices for More Security in SAP" by Tobias Harmes. Both are, among other media, also included in the Espresso Tutorials Flatrate, which I have also presented in more detail under SAP Know How.
For the application identifier (defined in the TBE11 table), see the TPCPROGS table. The organisational unit is evaluated in the context of the application label. In general, this is the accounting area.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
These single roles can also be combined into composite roles.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
The security of business data depends directly on the authorizations assigned.