SAP Authorizations System trace function ST01

Direkt zum Seiteninhalt
System trace function ST01
PROGRAM START IN BATCH
The second example requires additional permission checks to display certain documents in the FBL*N transactions. This can be achieved by means of the expression and activation of a function block in the BTE, the so-called processes and events. The sample function module BTE for the event 1650 can be found in the FIBF transaction in the area of Publish-&-Subscribe interfaces (Environment > Information System (P/S)). The sample function module is basically used to enrich data in the item display. To do this, he passes the complete record per document line and expects it to be enriched back. This is exactly what we are using.

You can use the Security Audit Log to control security-related events. Learn how to configure it to monitor the operations that are relevant to you. You want to use the Security Audit Log to monitor certain security-related operations or particularly well-authorised users in the SAP system. For example, you can log failed RFC calls system-wide, delete users, or log all activities of the default user, DDIC. For these loggers you need different recording filters and, if necessary, the possibility to select generic clients or users. Therefore, we will show you the settings you can make when configuring the Security Audit Log.
Grant spool jobs
Finally, you can extend your implementation of the BAdIs BADI_IDENTITY_SU01_CREATE and pre-enter additional fields of the transaction SU01. To do this, complete the appropriate SET_* methods of the IF_IDENTITY interface. For example, it is possible to assign parameters that should be maintained for all users, assign a company, or assign an SNC name.

Due to the changed suggestion values in the SU24 transaction, you must now perform step 2c (roles to verify) to update all roles affected by the changed proposal values. Role changes are only customised! You will get a list that shows all the roles you need to edit. If you have more than one client to maintain roles, you must also do this in the other client.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

Even if you correct the error manually in the role by manually deleting the manually maintained value of the organisation levels in the authorization object, the value in question is not drawn from the organisation level.

However, it is difficult for a support worker to understand permissions errors because they have different permissions and are often missing detailed information about the application where the permission error occurred.
SAP Corner
Zurück zum Seiteninhalt