Authorization concept of AS ABAP
Starting reports
Increasingly, it is possible to make use of automation in the security environment. Although these are not yet used by many companies, they are the next step in digital transformation. By using automation intelligently, companies can free up resources for the innovation topics that really matter. In the future, we can expect both the number and power of automation tools to increase. It is therefore only a matter of time before SAP itself also delivers optimized support in the form of tools as standard.
The context-dependent authorizations combine the general and structural authorizations and avoid situations like in the example above. The context-dependent authorizations can be separated so finely that a separation of functions can be made possible without any gaps. Basically, with context-dependent authorizations, the authorization objects are supplemented by structural authorization profiles. This means that authorizations are no longer assigned generally, but only for the objects in the authorization profile. The use of context-dependent authorizations means that the familiar P_ORGIN authorization objects are replaced by P_ORGINCON and P_ORGXX by P_ORGXXCON. The new authorization objects then contain a parameter for the authorization profile.
Maintain proposed values using trace evaluations
Balance: In the settlement transactions, the user is only presented with the supporting documents for which he or she has permission. If the Profit Centre field is not filled in the journal view (Table BSEG), the general ledger view (usually Table FAGLFLEXA) is checked. To compensate, we recommend that you include the Profit Centre in the selection fields of the balancing transactions.
SAP NetWeaver 7.31 introduces a new method for determining affected applications and roles by timestamping (see tip 45, "Using the timestamp in the transaction SU25"). With the Support Package 12 for NetWeaver Release 7.31 and Support Package 4 for NetWeaver Release 7.40 from SAP Note 1896191, the Expert Mode function for taking SU22 data for step 2 has been added.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
You can use the S_START authorization object to map this request in the PFCG roles.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
Now assign the reduced SAP_NEW permission profile to all users in the upgrade preparation system, ensuring that all users can work as usual.