Translating texts into permission roles
Authorization check
The customising parameters in the table PRGN_CUST control the password generator in the transactions SU01 and SU10. The values of the profile parameters override the customising parameter entries to prevent invalid passwords from being generated. If the value of a customising parameter is less than the value of the corresponding profile parameter, the default value of the customising parameter is drawn instead. The same is true if no value is maintained. You can exclude certain words or special characters as passwords by entering them in the USR40 table. In this table you can enter both specific passwords (e.g. your company's name) and patterns for passwords (e.g. 1234*). '*' stands for any number of additional characters (wild card) and '?' for any character. However, when maintaining the USR40 table, note that the number and type of entries affect performance.
This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging. The Log flag button allows you to set the table logging check for all previously selected tables. The current status of the table loggers for the tables can be found in the Protocol column. The icon means that the table logger for the selected table is off.
SIVIS as a Service
A user reports that he or she is receiving a permission error even though you have granted him or her the required permissions. This could be due to a faulty buffering of the permission data. Although a user has been assigned a role with the correct permission data, this user is presented with a permission error due to missing permissions. This may be surprising at first glance, but it can almost always be fixed by a short analysis.
Even the best authorization tools cannot compensate for structural and strategic imbalances. Even a lack of know-how about SAP authorizations cannot be compensated for cost-effectively by means of tools.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In principle, the SAP_NEW permission should not be granted in the production system.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
In the example shown in the figure below, a group of auditors from North Rhine-Westphalia would be active for the accounting area or cost accounting area (OrgUnit) 1000.