The SAP authorization concept
SNC secures communication with or between ABAP systems, but there are also many web-based applications in SAP system landscapes. They communicate via the Hypertext Transfer Protocol (HTTP). The data is also transmitted unencrypted when communicating via HTTP; Therefore, you should switch this communication to Hypertext Transfer Protocol Secure (HTTPS). HTTPS uses the encryption protocol Transport Layer Security (TLS) for secure data transfer on the Internet. You should therefore set up HTTPS for all users to access the Web. For communication between SAP systems, you should use HTTPS if you think the data transfer could be intercepted. You should either set up HTTPS on individual components of the infrastructure (such as proxies), or the ABAP systems should support HTTPS or TSL directly. Details of the configuration can be found in the SAPHinweis 510007.
Not all users should be able to log on to the application server during your maintenance? Use the security policy and a new profile parameter. When you are performing maintenance work on your SAP system, it is always necessary to prevent users from logging into the application server. This often excludes a small group of administrators who are still allowed to log on to the system. Until now, users had to be locked and the group of administrators excluded from this lock. This is now easier by using the security policy in combination with the login/server_logon_restriction profile parameter.
Analyzing the quality of the authorization concept - Part 1
As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO. Finally, you could use the transaction COAT (see SAP Note 1089923) to assign additional attributes to your own tables and reports, for example. For example, this could be relevant for the tax audit and final reports or performance critical.
The goal of an authorization concept is to provide each user with the appropriate authorizations in the system individually for their tasks according to a previously defined rule. For this purpose, an authorization concept must be defined as the foundation for efficient authorization assignment. In this way, each employee is given system access through the role-specific assignment of authorizations according to his or her tasks. On the one hand, this protects sensitive information and, on the other, prevents damage caused by incorrect use of data.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
You will now arrive at the Details Selector screen, where you can select the selection fields and the output fields (the List Field Selector and Selection Fields tabs) of your table combination.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
As with the authorization trace, the profile parameter "auth/authorization_trace" must be set accordingly in the parameter administration (transaction RZ10).