Evaluation of the authorization check SU53
Set up permissions to access specific CO-PA measures
In addition to SAP standard software, do you also use custom ABAP programmes? Learn how the SAP Code Vulnerability Analyser can scan your customer code for potential security vulnerabilities and resolve them if necessary. Permission concepts, firewalls, anti-virus and encryption programmes alone are not enough to protect your IT infrastructure and IT systems against internal and external attacks and misuse. Some of the risks are identified by potential security vulnerabilities in the ABAP code, most of which cannot be addressed by downstream measures and therefore need to be addressed in the code itself. It should also be noted that the permission concepts used can be circumvented by ABAP code, which underlines the weight of security vulnerabilities in the ABAP code. While SAP is responsible for providing security information to help close security vulnerabilities in standard code, it is up to you to address security vulnerabilities in custom ABAP programmes. Companies are subject to a whole range of legal requirements on data protection and data integrity, and you can fulfil them as far as possible with the help of a new tool. The SAP Code Vulnerability Analyser is integrated into the ABAP Test Cockpit (ATC) and thus available in all ABAP editors such as SE80, SE38, SE24, etc. Developers can use it to scan their code for vulnerabilities during programming and before releasing their tasks. This reduces testing costs and costs.
You have now successfully recorded the blueprint. Now the slightly trickier part follows: The identification of the values to be changed at mass execution. In the editor of your test configuration, at the bottom of the text box, is the record you have created: TCD ( PFCG , PFCG_1 ). Double-click the PFCG_1 interface. On the right, a new detail with the recording details appears. Now you have to look for your input a bit. For example, use the role name entered on the PFCG entry screen (field name 'AGR_NAME_NEW'). Now comes an important step: Replace the values you entered during the recording with a placeholder, a so-called input parameter. To do this, go to the VALIN line and type any parameter name, such as ROLLENNAME, instead of the role name you entered. Click Enter and you will be asked what type of parameter it is. Specify Import and confirm with Yes.
Do not assign SAP_NEW
For users for which no user type has been defined in the ZBV, either the default user type of the subsidiary system or the user type defined by the local measurement programme (transaction USMM) run is reported in the Contractual User Type column. In this case, no value is reported in the Value column in the control centre. If the user type has been defined via a local run of the surveying programme and this type of user is not stored in the ZBV, you should re-import the licence data for this user from the subsidiary system into the ZBV using the transaction SCUG. If there are users in the daughter systems for which the value in the columns of the Contractual User Type and Value in ZBV Central differ, either the IDoc of the ZBV has not yet been processed, or the user type has been changed locally. In these cases, you should check what the differences are and also correct them.
In the SU10 transaction, click the Permissions Data button in the User Selection pane. At this point there is a jump to the report RSUSR002. In the selection screen of the report that appears, you can select the multiple selection to the User field by clicking the arrow button and insert the users from your selection by pressing the button (upload from clipboard).
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.
This is determined by the function block and not by the developer.