Bypass Excel-based Permissions Traps
Understanding SAP HANA Permissions Tests
Careful maintenance of suggestion values in the relevant authorization objects results in recurring benefits in creating and revising roles for Web applications. In addition, the SU25 transaction supports role post-processing in the context of SAPUpgrades.
You can still assign roles and profiles to a user if you have the appropriate permissions to these activities. As long as no user group is associated with the user, permissions for any user group will be sufficient. If you assign a user group to the newly created user, all the checks will be repeated for that user group.
Advantages of authorization tools
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data. This data can be displayed using transaction ST03N, for example. Access authorizations to the two types of data mentioned above should be assigned only very restrictively.
Privileges control the use of all objects and data contained in the HANA database. In order to use an application, you typically have to assign many different types of privileges to a user. In order to be able to take into account the complex relationships in the allocation of the privileges actually needed in a manageable way, privileges in SAP HANA are bundled into roles. In our example, the role MODELING in the role SAPT04_CONTENT_ACTIVATION is included. In SAP HANA, it is possible to assign a role to multiple roles as well as to multiple roles. This way, complex role hierarchies can be put together.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
To get the certificates for all relevant users in this address book via a mass import, use the example programme Z_IMPORT_CERTIFICATES appended in SAP Note 1750161 as a template for a custom programme.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
The security of an SAP system in operation depends on many factors.