SAP Authorizations Installing and executing ABAP source code via RFC - SAP Corner

Direkt zum Seiteninhalt
Installing and executing ABAP source code via RFC
Set Configuration Validation
For the scenario of sending initials passwords, signing emails is not so relevant. Although it is possible to send an encrypted e-mail with a fake sender address, in this case the initial passwords in the system would not work. It looks different when you send business data; In such cases, verification of the sender via a digital signature is recommended. If you want to send e-mails digitally signed, we advise you to send them at the system's e-mail address. To do this, use the SEND_EMAIL_FOR_USER method described and place the sender's tag on the system. In this case, you need a public key pair for your ABAP system, which is stored as a Personal System Security Environment (PSE). For a detailed description of the configuration, including for verification and decryption of received emails, see the SAP Online Help at and SAP Note 1637415.

If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems. Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter. For details on the technical dependencies between releases, see SAP Note 1458262.
Use application search in transaction SAIS_SEARCH_APPL
Over the button field maintenance also own-developed authorization fields can be created to either a certain data element is assigned or also search assistance or check tables are deposited. On the topic has been described in more detail including a video recording in the article "Creating Authorization Objects with SAP Transaction SU21".

Today we come to the error analysis with authorizations. The best thing that can happen is the error of the type: "I don't have authorization to do this and that!" (CASE1). Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2). How to proceed? First of all we come to case 1 This case, that someone has no authorization for something, supports the system excellently! The code word is SU53! If a transaction encounters an authorization error, then this error is written to a memory area that can be displayed. For this there is once the transaction SU53 or the menu selection "System/Utilities/Anc authorization check". With this function, the system outputs information showing which authorization objects are missing for the user.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

For example, in an authorization object for a company code, if the user is to be given the option of using company code 1000 in display mode only (i.e. read only), but company code 2000 in "change" and "display" mode, the object is defined accordingly with two instances.

You can also find some useful tips from practice on the subject of SAP authorizations on the page

You can define these requirements in the SAP Solution Manager Configuration Validation application and evaluate compliance with these requirements in all systems.
SAP Corner
Zurück zum Seiteninhalt