Integrate S_TABU_NAM into a Permission Concept
SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
We can now execute the test script en masse with any input. We need a test configuration for this. In the example Z_ROLLOUT_STAMMDATEN, enter a corresponding name and click the Create Object button. On the Attribute tab, specify a general description and component. On the Configuration tab, select the test script you created earlier in the corresponding field. Then click the Variants tab. The variants are the input in our script. Since we do not know the format in which eCATT needs the input values, it is helpful to download it first. To do so, select External Variants/Path and click Download Variants.
SOS reports can be very comprehensive. In particular, if the Whitelists are not yet maintained, reporting volumes of up to 200 pages are not uncommon. Do not be discouraged in such a case, but start by cleaning up a manageable amount of critical SOS results. You can then edit the further results in several rounds. The AGS recommends which critical SOS results you should consider first; You can find these in the AGS Security Services Master slide set in the SAP Service Marketplace Media Library.
Generic access to tables
The requirements for the architecture of authorization concepts are as individual as the requirements of each company. Therefore, there is no perfect template. Nevertheless, there are topics that should be considered in an authorization concept.
Careful preparation is a prerequisite for a successful authorisation check. A functional specification must be created for all customer-specific functionalities. This forces us to think about what the actual requirements of the application are and then describe the possible implementation. In doing so, security-related aspects, such as eligibility testing and allocation, must be taken into account. Define what you can do with this programme and also what you cannot do explicitly! In the case of a permission check, not only the activity to be performed, such as reading, changing, creating, etc. , can be checked. You can also restrict access to records by using specific criteria, such as field content or organisational separators.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Some useful tips about SAP basis can be found on www.sap-corner.de.
Based on the authorization concept, the administrator assigns authorizations to users that determine which actions a user is allowed to perform in the SAP system after logging on to the system and being authenticated.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
As soon as a Database User is deleted, all (!) database objects created by this Database User are also deleted.