SAP Authorizations RSUSR003

Direkt zum Seiteninhalt
RSUSR003
Analyse and evaluate permissions using SAP Query
The More node details area allows you to configure additional settings. For example, by activating the Default Page setting, the selected transaction (in our example MM03) is called first when the parent folder (in our example of the Material Stems folder) is retrieved. The Invisible setting means that the transaction is not visible in the menu, but can be called from a button.

For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
Further training in the area of authorization management
However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow. New modules, new processes and new user groups very quickly lead to many authorization groups, numerous authorization roles and complex documentation - even assuming the ideal case that companies have used Excel, for example, for all previous implementations and enhancements and have kept the documentation up to date. What is the purpose of a role? Which user has which authorization? Due to the amount of roles and authorizations, it quickly becomes confusing for users. System performance also suffers as the amount of data increases.

You should then enable the latest version of the hash algorithms by setting the login/password_downwards_compatibility profile parameter to 0. This is required because SAP systems maintain backward compatibility by default. This means that, depending on your base release, either the new hash algorithms will not be used when storing passwords, or additional outdated hash values of passwords will be stored. You should then check to see if there are any old hash values for passwords in your system and delete them if necessary. Use the report CLEANUP_PASSWORD_HASH_VALUES.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

There are several people who want to view the system modifiability settings in your system for specific reasons.

Note that you can only create the index until the previous day - otherwise inconsistencies may occur.
SAP Corner
Zurück zum Seiteninhalt