SAP Authorizations Organisationally restrict table editing permissions - SAP Basis

Direkt zum Seiteninhalt
Organisationally restrict table editing permissions
Lock Inactive Users
If it is clear that a cleanup is necessary, the first step should be a detailed analysis of the situation and a check of the security situation. Based on these checks, a redesign of the authorizations can be tackled.

You would like to revise your authorisation concept and tailor SAP roles only to the productive processes. We show you how to use the statistical usage data from the Workload Monitor for the SAP role definition. One of the biggest effort drivers in redesigning SAP role concepts is the definition of transactional expression of SAP roles. By using the statistical usage data from the workload monitor, you can avoid costly coordination with process managers in the sense of a Green Field Approach. In this way, you can tailor your SAP role concepts to the content of the usage behaviour. The only requirement is that the data be available for a representative period. This is two months in the SAP standard; You can also extend this time period. Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
What to do when the auditor comes - Part 1: Processes and documentation
Existing log files are managed using the SM18 transaction. Here you can delete the log files in all active instances. This requires the indication of a minimum age in days for deletion. The smallest possible value is three days, without taking the current day into account in the calculation.

For the configuration, you must first enable encryption and, if necessary, signing in the SAPConnect administration. To do this, go to Settings > Outgoing Messages > Settings on the Signing & Encryption tab of the SCOT transaction. Note that the activation only enables the encryption or signature of emails; whether this is actually done always controls the sending application.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Therefore, it is not possible to add a list of more than 28 users, which can be very difficult for long lists.

The time-space check works in context: In addition to the supporting documents of the audit period, older supporting documents are also included if they are still relevant for the audit period, such as open items that were booked in previous years but only settled in the audit period.
Zurück zum Seiteninhalt