SAP Authorizations Compensating measures for segregation of duties conflicts - SAP Corner

Direkt zum Seiteninhalt
Compensating measures for segregation of duties conflicts
Deleting versions
To make the most of the time stamping process, you should fill the time stamp tables in the legacy system before upgrading. Implement SAP Note 1599128. With this correction, the report SU25_INITIALIZE_TSTMP is delivered, which allows to write the current timestamps of your data from the transaction SU22 into the respective timestamp tables USOBT_TSTMP and USOBX_TSTMP. After the upgrade, you will have a reference date for your SU22 data, which you can use to compare with the SAP proposal data shipped for the new release. Setting the timestamps in the legacy release reduces the effort required to complete step 2a, because only those applications whose SU22 data has been modified are matched. If you have not filled the timestamp tables in the old release, the tables in your new release will be empty. In this case, in step 2a, the content of the SAP proposal values will be compared to the customer proposal values, regardless of a timestamp.

In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
Analysis and reporting tool for SAP SuccessFactors ensures order and overview
Authorization tools are only as good as the person using them. Until now, no tool has made it possible to create ready-made authorization concepts with just a single click.

For the scenario of sending initials passwords, signing emails is not so relevant. Although it is possible to send an encrypted e-mail with a fake sender address, in this case the initial passwords in the system would not work. It looks different when you send business data; In such cases, verification of the sender via a digital signature is recommended. If you want to send e-mails digitally signed, we advise you to send them at the system's e-mail address. To do this, use the SEND_EMAIL_FOR_USER method described and place the sender's tag on the system. In this case, you need a public key pair for your ABAP system, which is stored as a Personal System Security Environment (PSE). For a detailed description of the configuration, including for verification and decryption of received emails, see the SAP Online Help at and SAP Note 1637415.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

If the value is 0, the Permissions Check succeeded.

If you want to know more about SAP authorizations, visit the website

Therefore, we only deal with the topics of time-space delimitation and logging.
SAP Corner
Zurück zum Seiteninhalt