Advantages of authorization tools
We recommend that you implement all safety instructions of priority very high (1) and high (2) directly. On the other hand, you can implement medium (3) and low (4) security advisories via support packages, which you should also include regularly. If you are unable to insert a support package at the moment, SAP will also provide you with the priority 3 and 4 security advisories. For the evaluation of the security advisories, you should define a monthly security patch process.
This start authorization check is delivered inactive. To use it, you must activate it. After activation, you can use authorizations to control which Web Dynpro ABAP applications users are allowed to run. For the start authorization check of Web Dynpro ABAP applications, the system uses the authorization object S_START in the same way as the authorization object S_TCODE for transactions. The object has the fields AUTHPGMID, AUTHOBJTYP and AUTHOBJNAM, which correspond to the key fields PGMID, OBJECT and OBJ_NAME of the object catalog (table TADIR). So, during the start authorization check, the Web Dynpro ABAP runtime checks the key of the object catalog entry for the Web Dynpro ABAP application.
Security Automation for SAP Security Checks
For users for which no user type has been defined in the ZBV, either the default user type of the subsidiary system or the user type defined by the local measurement programme (transaction USMM) run is reported in the Contractual User Type column. In this case, no value is reported in the Value column in the control centre. If the user type has been defined via a local run of the surveying programme and this type of user is not stored in the ZBV, you should re-import the licence data for this user from the subsidiary system into the ZBV using the transaction SCUG. If there are users in the daughter systems for which the value in the columns of the Contractual User Type and Value in ZBV Central differ, either the IDoc of the ZBV has not yet been processed, or the user type has been changed locally. In these cases, you should check what the differences are and also correct them.
Tax reporting: The tax reporting system in SAP is based on the accounting area. The Profit Centre is not intended as a reporting unit here.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Finally, the check logic provides for a row-level check within a table if you want to restrict access to the table contents depending on an organisational mapping.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
In addition, it allows for a targeted activation or deactivation of the implementations.