SAP Authorizations Add external services from SAP CRM to the proposal values - SAP Corner

Direkt zum Seiteninhalt
Add external services from SAP CRM to the proposal values
Efficient SAP rollout through central, tool-supported management
Finally, we want to give you some recommendations for securing file access. The SPTH table allows you to protect the file system from ABAP programme accesses without granting permissions and to deliberately define exceptions. The problem is identifying the necessary exceptions. However, because the SPTH check is always performed together with the S_DATASET object check, you can use a long-running permission trace to find the paths that are used with filters for the S_DATASET authorization object. The procedure for this is described in detail in our Tip 39, "Maintain suggestion values by using trace evaluations". If you are using applications that access files in the DIR_HOME directory without a path, such as the ST11 transaction, you must specify access to the allowed file groups individually (e.g. dev_, gw_), because there is no wild card for DIR_HOME.

You cannot increase the retention time afterwards; Therefore, you should adjust the configuration in good time before starting a project. In addition, you should change the settings of the stat/rfcrec and stat/rfc/distinct profile parameters. For example, you should increase the value of stat/rfcrec to 30, and stat/rfc/distinct should be set to 1. This improves the completeness of the recorded RFC usage data. For details on the technical improvements, see SAP Note 1964997.
Starting Web Dynpro ABAP applications
HR authorizations are a very critical issue in many companies. On the one hand, HR administrators should be able to perform their tasks - on the other hand, the protection of employees' personal data must be ensured. Any error in the authorization system falls within the remit of a company's data protection officer.

What's New from System Trace for Permissions! Here, features have been added that make recording and role maintenance much easier. Permission values in PFCG roles are maintained and debugging requires the use of the system trace for permissions. In the past, SAP customers have asked for more ease of use, since the trace evaluation is sometimes confusing.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

You can activate the SAP Code Vulnerability Analyser with the RSLIN_SEC_LICENSE_SETUP report, but you have to pay additional royalties for it.

The website offers a lot of useful information about SAP authorizations.

We will give you a rough guide as to when it makes sense to maintain suggestion values.
SAP Corner
Zurück zum Seiteninhalt