Use Central User Management change documents
Basic administration
We now want to describe the necessary settings in the sending application using the example of encrypted sending of initial passwords. To implement this requirement, you can use the BAdI BADI_IDENTITY_UPDATE. This BAdI is also only available via a support package starting from SAP NetWeaver AS ABAP 7.31. For details on the relevant support packages, see SAP Note 1750161. To implement the BAdIs, use the transaction SE18; there you can also see the example class CL_EXM_IM_IDENTITY_UPDATE. For the BAdI BADI_ IDENTITY_UPDATE, you must implement the SAVE method to the IF_BADI_IDENTITY_UPDATE interface.
You want to secure access to the application server files? Find out what the S_DATASET and S_PATH authorization objects offer, what limitations are, and what pitfalls are lurking. Access to the application server's files is protected by kernel-built permission checks, similar to how transactions and RFC function blocks are started. SAP's proposed permissions for the S_DATASET authorization object do not provide much help, and S_PATH has virtually no information, because you must activate this authorization object only by customising the SPTH table. Often the permissions to S_DATASET are too generous, the SPTH table is not well maintained and S_PATH is not used at all. Here we show you how these permissions work and how you can restrict them.
Reset passwords using self service
A red symbol will not be used in the eligibility tests in the EEA, as the rating has to be carried out individually for each enterprise. There are also different requirements within the system landscape, e.g. on production or development systems. The EWA is deliberately not customisable, as it is designed to alert customers to SAP-rated settings.
You can create such an organisational matrix as an Excel file or in ABAP; This depends on how you want to read the data. When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered. We first describe how you can provide automated mass care in the form of a custom development.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
In general, roles should not contain too many transactions; Smaller roles are easier to maintain and easier to derive.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
After you have saved the entry, the description of the role is also maintained in the target language, in our example in the English language and visible after the login.