Analyse and evaluate permissions using SAP Query
Our offer
You can use your own authorization objects to develop permission checks to authorise your custom applications or extend default permissions. So far, the maintenance of the authorization objects has been very unmanageable. Authorization objects can be displayed and recreated in the transaction SU21. Creating authorization objects over this transaction has not been very user-friendly. If the input was not done correctly, the dialogue was sometimes not transparent and confusing for the user. The same was true for storing a authorization object. Several pop-up windows indicate further care activities. Another problem is that the proof of use of the authorization object is limited to finding implementations of the authorization object. However, authorization objects are also used in other places, such as suggestion value maintenance and permission maintenance. Another problem is the use of namespaces. For SAPartner who want to maintain their permission checks in their namespaces, the classic name rooms, starting with J, are used up.
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements. This BAdI is called whenever an encrypted e-mail is sent. An extension allows you to search for a valid certificate at run time (for example, the one with the longest validity) to the recipient's email address in a source you defined. In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book. For details on the availability of BAdIs, see SAP Note 1835509.
Analysis and reporting tool for SAP SuccessFactors ensures order and overview
SAPCPIC: SAPCPIC is not a dialogue user, but is used for EDI usage in older releases (EDI = Electronic Data Interchange); in default, SAPCPIC has permissions for RFC access. However, you should not use this user for them, nor for batch processes, but you must create other users for these applications. Safeguard measures: Lock down the user, change the password, assign it to the SUPER user group and log it with the Security Audit Log.
The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Further authorization roles are required, for example, for external auditors.
Unfortunately, there is no button in the start image of the transaction SU10 that allows users to be pasted from the clipboard.