Trace after missing permissions
User & Authorization Management with SIVIS as a Service
For an authorization concept, a clear goal must be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective system and the associated authorization concept must take into account. In this way, the legal framework is defined, which is a legal necessity for successful implementation.
If you want your own developments to meet your security requirements, just like the standard, you must assign table permission groups to the custom tables. Custom tables, or SAP standard tables that you want to protect in particular, belong to separate, if applicable, customer-specific table permission groups. If extensive permissions are to be granted for system administration or certain applications, this is done with the S_TABU_DIS authorization object for the table permission group. Since many standard tables do not have a table permission group assigned to them and therefore automatically end up in the table permission group &NC&, you should restrict access to this table permission group. For example, certain tables such as T000 (clients) are in a large table permission group (SS: RS: SAP control); therefore, it is better to restrict access via a separate table permission group. You should also always assign custom tables to a table permission group, otherwise they will also be assigned the table permission group &NC&. Therefore, we will explain below how you can create table permission groups and map tables.
RSUSR008_009_NEW
Of course, these objects can be adapted to the requirements of a company at any time. If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program. If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.
Custom programmes should be protected with permissions, just like standard applications. What rules should you follow? Introductory projects usually produce a large number of customised programmes without being subjected to a permission check when they are executed. For your programmes, you should create custom permissions checks by default and manage them accordingly.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Then you can't avoid analyzing the error message of the transaction.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The SPTH table allows you to protect the file system from ABAP programme accesses without granting permissions and to deliberately define exceptions.