AUTHORIZATIONS IN SAP SYSTEMS
Implementing Permissions Concept Requirements
You can implement the first request for additional verifications when performing document transactions by using document validation. In this example, we assume that the document is posted through an interface and that you want to check permissions for custom authorization objects and/or certain data constellations. There are different dates for document validation. The complete document can always be validated, if only the information from document header (time 1) or document position (time 2) is available to you, this can also be sufficient depending on the scenario. In such cases, you need to create validation at the appropriate times. Before you can write a User-Exit in a validation, you have to make some preparations.
Authorizations are assigned to users in SAP systems in the form of roles. The goal is to create a system that is as secure as possible and to keep the complexity and number of roles as low as possible. This is the only way to achieve a balanced cost-benefit ratio.
Query Data from a Local Table
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
Assigning clear authorizations to employees is not a sign of mistrust, but offers a high level of protection - both for the company and for the employees themselves. By assigning SAP authorizations on a role-specific basis, each employee is given access to the system according to his or her task.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Give the script a talking name, such as Z_MASSENGERATION_DERIVATIVES.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
You can use the following reports: RSUSR_LOAD_FROM_ARCH_PROF_AUTH / RSUSR_LOAD_FROM_ARCHIVE.