Use AGS Security Services
Maintenance Status
We now want to describe the necessary settings in the sending application using the example of encrypted sending of initial passwords. To implement this requirement, you can use the BAdI BADI_IDENTITY_UPDATE. This BAdI is also only available via a support package starting from SAP NetWeaver AS ABAP 7.31. For details on the relevant support packages, see SAP Note 1750161. To implement the BAdIs, use the transaction SE18; there you can also see the example class CL_EXM_IM_IDENTITY_UPDATE. For the BAdI BADI_ IDENTITY_UPDATE, you must implement the SAVE method to the IF_BADI_IDENTITY_UPDATE interface.
If you have an older SAP NetWeaver release than 7.00 installed, only two possible values for the customising switch BNAME_RESTRICT are available after the implementation of SAP Note 1731549. The switch is NO, and you can switch it to ALL, so that the switch takes on the same functionality as in the higher releases.
Use Central User Management change documents
Setting the confidentiality or encryption markers in the SEND_EMAIL_FOR_USER method affects the display of the e-mail in Business Communication Services Administration (transaction SCOT). If the email is marked as confidential, it can only be viewed by the sender or the creator of the email. The sender and the creator need not necessarily be identical, for example, if you have entered the system as the sender. The e-mail creator is the one who ran the application in the context of which the e-mail was created. The encryption flag also automatically sets the confidentiality of the email. The e-mail is not stored in the system in encrypted form, but is protected against unauthorised access by the confidentiality flag. However, access by the sender or creator is still possible. You should also note that the subject of the email is not encrypted.
Well-maintained suggestion values are extremely helpful for creating PFCG roles. We will give you a rough guide as to when it makes sense to maintain suggestion values. SAP provides suggested values for creating PFCG roles in the USOBT and USOBX tables via upgrades, support packages, or hints. These suggestion values include suggested values for permissions of SAP default applications that can be maintained in PFCG roles. Suggestion values are supplied not only for transaction codes, but also for Web Dynpro applications, RFC function blocks, or external services. You can customise these suggestion values to suit your needs. However, this does not happen in the supplied tables, but in the USOBT_C and USOBX_C customer tables. Care is carried out in the transaction SU24.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Many companies also have the requirement to present the events of the Security Audit Log in other applications.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
If you run the report in the central system with the default selection, all subsidiary systems are included.