Check and refresh the permission buffer
Risk: historically grown authorizations
From release 10.1, SAP Access Control supports the creation of users and the assignment of roles and privileges in HANA databases. If you use the concept of business roles in SAP Access Control, you can achieve an automatic installation of the users in SAP NetWeaver AS ABAP and HANA database and the assignment of the ABAP and HANA technical roles (or privileges) when assigning a business role.
In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time. For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient. This includes day-to-day business, monthly financial statements, underyear activities such as inventory and annual financial statements. Now call the transaction ST03N and navigate to: Collector & Perf. Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.
Architecture of authorization concepts
The object S_PROGRAM checks since SAP Release 2.x for the field TRDIR-SECU i.e. the authorization group of the program. As of Release 7.40, you can optionally switch on a check for the object S_PROGNAM. For more information, see note 2272827 for further instructions. The check on S_PROGNAM MUST first be activated in the customer system. Note, however, that they CORRECTLY authorize S_PROGNAM before doing so, otherwise NOBODY except emergency users will be able to start any report or report transaction after the SACF scenario is activated.
For the configuration, you must first enable encryption and, if necessary, signing in the SAPConnect administration. To do this, go to Settings > Outgoing Messages > Settings on the Signing & Encryption tab of the SCOT transaction. Note that the activation only enables the encryption or signature of emails; whether this is actually done always controls the sending application.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
In the development and creation of authorization objects, some functionalities of the SAP hint are extremely helpful, which we present in this tip.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
The CRMD_UI_ROLE_PREPARE report identifies and lists all external services defined in the customising of the CRM business role.