Maintaining Authorization Objects (Transaction SU21)
Starting Web Dynpro ABAP applications
Excel-based tools typically do not know the release-specific suggestion values (they often work without the in-system suggestion value mechanism, because they do not use the PFCG transaction). This also means that it is not possible to upgrade rolls with standard SAP tools, such as the SU25 transaction. This also increases the dependency on the external tool, and the authorisation system is further removed from the SAP standard and the best practices recommended by SAP in role management.
A user is displayed in the results list if one of the two transactions with the corresponding expression is included in its corresponding permission profile. If the logical link were fully linked to OR, a corresponding user would appear in the results list if only one of the four permissions is in the user's master set and thus in the permission profile.
SAP S/4HANA® Launch Pack for Authorizations
Do you need to integrate the S_TABU_NAM authorization object into your existing permission concept? In this tip, we show you the steps that are necessary to do this - from maintaining the suggestion values to an overview of the eligible tables. You have added the S_TABU_NAM authorization object to your permission concept, so that users can access the tables not only through the S_TABU_DIS authorization object, but also through S_TABU_NAM. This directly regulates access to the tables via table permission groups or, if access is not allowed through table permission groups, via the table permission (see Tip 73, "Use table editing authorization objects"). Do you want to identify the tables or created parameter transactions that allow access to only specific tables to maintain SU24 for these suggested values in the transaction? This makes it easier to maintain PFCG roles. Furthermore, a tool would be useful to give you an overview of the tables for which a user is entitled.
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a DSGVO violation and lead to a fine for the company.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
Therefore, not only the one-time setup of authorizations is relevant, but also the continuous monitoring and control of the authorization assignment.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Let's say that a user - we call her Claudia - should be able to edit the spool jobs of another user - in our example Dieter - in the transaction SP01.