SAP Authorizations In-house role maintenance

Direkt zum Seiteninhalt
In-house role maintenance
Transactional and Native or Analytical Tiles in the FIORI Environment
You can use authorization objects to restrict access to tables or their content through transactions, such as SE16 or SM30. The S_TABU_DIS authorization object allows you to grant access to tables associated with specific table permission groups. You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups"). For example, if an administrator should have access to user management tables, check the permission status using the SE54 transaction. You will notice that all the user management tables are assigned to the SC table permission group.

Now, if a user attempts to execute a report (for example, by using the KE30 transaction), the user's permissions for that authorization object are checked. Therefore, you must adjust your permission roles accordingly. If the user does not have permission to access the object, his request is rejected. If it has a corresponding permission, the display will be restricted to the permitted area. Access is still allowed for all characteristics or value fields that are not defined as fields of the authorization object.
Maintain derived roles
Suggested values are maintained in the transaction SU24 and delivered through the transaction SU22. Read more about the differences between these two transactions. Maintaining suggestion values via the SU24 transaction is useful if you want to reflect your own requirements or if the values provided by SAP do not meet customer requirements (see Tip 37, "Making sense in maintaining suggestion values"). These proposed values form the basis for the role maintenance credentials in the PFCG transaction. As you know, the suggested values provided by SAP are in the transaction SU22, which are delivered during reinstallation or upgrades as well as in support packages or SAP hints. What is the difference between transactions and how are they used correctly?

An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

The usual space has a hexadecimal value of 20, but there are alternative spaces (wide spaces), which can be recognised, for example, as double width or not at all as character spacing.

As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO.
SAP Corner
Zurück zum Seiteninhalt