Authorization objects
Evaluate Permission Traces across Application Servers
Historically grown authorization structures can be found especially in system landscapes that have been in operation for a long time. Instead of small, modular, job-specific roles, existing roles are continually expanded and assigned to different employees in different departments. While this leads to less administrative work in the short term, it causes the complexity of the role to increase massively over time. As a result, the efficiency of authorization development is increasingly lost.
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.
Basics SAP Authorizations including Fiori - Online Training
The daily business of an authorization administrator includes the checks and analyses of critical authorizations and combinations in the system. The focus is on users and roles in the respective clients and system rails. The SAP standard report RSUSR008_009_NEW is suitable for this purpose. You must first create corresponding check variants and authorization values for critical authorizations or combinations either using the program itself or transaction SU_VCUSRVARCOM_CHAN. These then correspond to your internal and external security guidelines. You can then run the report with your respective check scope and the corresponding critical authorization or combination variant and check in which roles or users such violations exist. This serves to protect your entire IT system landscape and should be carried out periodically.
The SAP Solution Manager is the central platform for all technically supported services, because information about the connected systems is available when you schedule data collections for these systems via background jobs. The documentation for the safe operation of SAP systems is compiled in the SAP End-to-End Solution Operations Standard for Security (Secure Operations Standard). It provides an overview of security aspects of SAP operations and is designed to guide you through the available information and recommendations and to refer you to relevant content.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Two equal permissions that meet the first maintenance status condition are also combined when all the values of the two permissions differ in one field or when a permission with all its fields is included in the other.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
The SAP HANA Studio shows you in the administration interface which user (the so-called grantor) has assigned the respective privilege to this role (granted).