Our offer
Authorization objects
The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.
I will go into more detail on the subject of further training in the SAP environment at the next opportunity. As a small anticipation, I may refer here to some SAP blogs on the subject of SAP Basis or also the VideoPodcast "RZ10 LIVE SAP BASIS AND SECURITY" from rz10.de picks up topics in the area of authorizations again and again and is instructive here :-).
Use the authorisation route to identify proposed values for customer developments
The applications (transactions, Web-Dynpro applications, RFC building blocks, or Web services) are detected through their startup permissions checks (S_TCODE, S_START, S_RFC, S_SERVICE) and can be placed in the role menu of your role. In your role, go to the Menu tab and import these applications by clicking Apply Menus and selecting Import from Trace. A new window will open. Here you can evaluate the trace and view all recognised applications in the right window. To do this, click the Evaluate Trace button and select System Trace (ST01) > Local. In a new System Trace window, you can specify the evaluation criteria for the trace, such as the user using the Trace field only for users or the time period over which to record. Then click Evaluate.
For an authorization concept, a clear goal must first be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective SAP system must fulfill and the associated authorization concept must take into account. In this way, the legal framework conditions are defined. In addition, uniform naming conventions should be used because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. Clearly defined responsibilities ensure the effectiveness of a concept. Specific persons must be named or at least roles defined in a separate section. A chapter should be dedicated to the process for user management. Here, it must be described how users obtain existing SAP authorizations, how new users are integrated into the SAP system, and who is responsible for approving authorizations. The chapter on the process for authorization management defines who is allowed to create and edit which roles and who is responsible for the development of various related processes. The chapter on special authorizations describes processes and special features in the area of non-dialog operations. These include job management and interface convention. Other administrative authorizations can also be described. The chapter on role concept explains how business requirements are transferred to a technical role. The role concept takes on a special significance, since it describes the actual mapping of business roles to the technical roles and thus to the authorizations in SAP.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
For selection criteria outside the valid time period, the message "Not authorised to display data from this time period" appears.