SAP Authorizations Architecture of authorization concepts

Direkt zum Seiteninhalt
Architecture of authorization concepts
RSUSRAUTH
You want to document internal system revisions and authorisation monitoring? The new cockpit of the Audit Information System offers you some practical functions. There are several legal requirements that require a regular audit of your SAP system. As a general rule, there are internal and external auditors who carry out such audits. In addition, user and permission management can set up their own monitoring of permissions to avoid unpleasant surprises during audits. Auditor documentation is often standardised in the case of external auditors; for the internal audit or your own monitoring, however, in many cases a suitable documentation is missing. In spite of automated evaluations, external auditors often also demand an activation of the Audit Information System (AIS). We will show you how to activate the AIS and take advantage of the new AIS cockpit.

Reference users are not intended to access an SAP system, but are used for authorisation administration and therefore always have a disabled password. Reference users inherit the permissions assigned to them to the users with whom the reference user is registered. For this purpose, the user buffer of the reference user is also created at login and these entries are also checked during permission checks of the inheriting user.
Evaluation of the authorization check SU53
Authorization: An authorization allows a user to perform a specific activity in the SAP system based on a set of authorization object field values. Authorizations allow users to perform actions within the system.

Do you want to automatically monitor the security settings of your systems and receive convenient evaluations? We will explain how to use configuration validation. If you have a large SAP system landscape in use, the control of the many different security settings can be complex. You define your security requirements for the entire SAP system landscape; they concern, for example, the settings of the profile parameters, the handling of safety instructions or critical permissions that may only be assigned to emergency users. You can define these requirements in the SAP Solution Manager Configuration Validation application and evaluate compliance with these requirements in all systems.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

When you copy the values from the TPCPROGS table, the TPC4 transaction is quickly configured.

Various solutions are offered on the market that offer this functionality in the same or similar form.
SAP Corner
Zurück zum Seiteninhalt