SAP Authorizations Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps) - SAP Corner

Direkt zum Seiteninhalt
Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
A concept for SAP authorizations prevents system errors and DSGVO violations
In addition, you must note that you may not execute this report on systems that are used as a user source for a Java system. This is due to the fact that a login to the Java system will only update the date of the last login to the ABAP system if a password-based login has taken place. Other Java system login modes do not update the date of the last ABAP system login.

You can automate the translation of the texts by using the LSMW transaction. This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated. You record the execution of a transaction and get the variables of the text blocks (technical role name, role description, etc.). You can add values from an import file based on Microsoft Excel to each flow loop. For example, the Excel file contains a table with the columns Technical role name, description German, description English. The LSMW script works through the import file line by line and thus role by role.
User Information System SUIM
Two equal permissions that meet the first maintenance status condition are also combined when all the values of the two permissions differ in one field or when a permission with all its fields is included in the other. However, if there are open permission fields in a permission, they will not be combined unless all permission fields in the permission values are the same.

Structural authorizations work with SAP HCM Organizational Management. They primarily define who can be seen, but not what can be seen, based on evaluation paths in the org tree. Therefore, structural authorizations should only be used together with general authorizations. The determination works via a so-called authorization profile. In this profile, the evaluation paths are used to define how to search on the org tree. Function modules can also be stored, which can be used to determine objects from Organizational Management using any criteria. This makes the structural authorizations very flexible.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

File System Access: The OPEN DATASET statement checks the permissions for the file to open.

You can also find some useful tips from practice on the subject of SAP authorizations on the page

However, the authorization check should only take place on three levels.
SAP Corner
Zurück zum Seiteninhalt