Analyzing the quality of the authorization concept - Part 1
System trace function ST01
The results of the evaluation are marked with a coloured symbol. Classification varies for the different eligibility tests. The EWA does not only contain security-related tests and is therefore divided into different sections (e.g. hardware, performance). The test results in these areas are displayed with a traffic light symbol. If one of the tests within a section is indicated in red, the traffic light for that section shall also be set in red.
Identify the user master record in the Active Directory associated with the user ID that you are creating in the SU01 transaction. To do this, search within the Active Directory for a user master set for which the user ID you are looking for is entered as the SAP user name. Next, fill in the transaction SU01 fields with the data from the Active Directory User Set.
Customising User and Permissions Management
The More node details area allows you to configure additional settings. For example, by activating the Default Page setting, the selected transaction (in our example MM03) is called first when the parent folder (in our example of the Material Stems folder) is retrieved. The Invisible setting means that the transaction is not visible in the menu, but can be called from a button.
The P_ABAP (HR-Reporting) authorization object is not required to execute reports, but is intended to improve performance during execution. In addition, it can be used when reports require permissions for info types that the user should not receive in other cases, which is more common. For example, the right to display information type 0008 (basic salary) is also required for the execution of the travel statement reports. The Invoice Payer Programmes also require P_ABAP permissions to process personal data.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
SAPHinweis 1257133 describes the procedure for creating such a concept.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
For an overview of the profile parameters for the Security Audit Log, see the following table.