Authorization concept of AS ABAP
Query the Data from an HCM Personnel Root Record
Once you have logged in, the permissions associated with your user (via the user account) will be available. Each of your actions leads to the use of runtime versions of the corresponding objects. This also applies to every privilege and role. Runtime versions of rolls are not transportable in SAP HANA. However, in order to achieve a high quality in the development of your applications, you should use a system landscape with development system (DEV), quality assurance system (QAS) and productive system (PRD). To enable you to translate development results to QAD and PRD, SAP HANA Studio provides you with the opportunity to create objects in a (freely definable) Design Time Repository that you can provide and transport via Delivery Units to other systems.
First, create an overview of the customising tables currently available in your system. To do this, open the DD02L table and search for tables that start with Y, Z or your specific customer name space. Tables with delivery class C (such as customising, found in column A) are the relevant tables in this context. The descriptive texts to the tables can be found in the table DD02T.
General authorizations
The permission check for the S_PATH object is performed as described only for files corresponding to a path with a permission group in the SPTH table. In our example, you should grant permission for the S_PATH object with the value FILE in the FS_BRGRU field to access files with the path /tmp/myfiles*. Note that the authorization object only distinguishes two types of access. These two values summarise the access types of the S_DATASET authorization object. The value Modify corresponds to the values Delete, Write, and Write with Filter; the value View corresponds to Read and Read with Filter.
The high manual maintenance effort of derived roles during organisational changes bothers you? Use the variants presented in this tip for mass maintenance of role derivations. Especially in large companies, it often happens that a worldwide, integrated ERP system is used, for example, for accounting, distribution or purchasing. You will then have to limit access to the various departments, for example to the appropriate booking groups, sales organisations or purchasing organisations. In the permission environment, you can work with reference roles and role derivations in such cases. This reduces your administrative overhead for maintaining functional permissions and reduces the maintenance effort for role derivations to adapt the so-called organisational fields. However, maintaining the organisational fields can mean enormous manual work for you, as the number of role derivations can become very large. For example, if your company has 100 sales organisations and 20 sales roles, you already have 2,000 role outlets. Here we present possible approaches to reduce this manual effort.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Some useful tips about SAP basis can be found on www.sap-corner.de.
"SAP direct access" analyzes the licenses for actual usage and classifies the critical cases.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
Authorization object: Authorization objects are groups of authorization fields that control a specific activity.