SAP Authorizations Trace after missing permissions - SAP Stuff

Direkt zum Seiteninhalt
Trace after missing permissions
Integrate S_TABU_NAM into a Permission Concept
In the SCUA transaction, which you typically use to create or delete a ZBV distribution model, you can temporarily disable a subsidiary system. This option is disabled by default. To enable it, you must make changes in the customising of the PRGN_CUST table. Open the PRGN_CUST table either directly or via the customising in the SPRO transaction in the respective subsidiary system.

In the Output pane, you can view the change documents of a remote subsidiary system, or in the Selection Criteria pane, you can restrict the change documents for the central system (transmit system) or only for specific daughter systems. In the lower part, you can select the distribution parameters that you are interested in changing. The evaluation includes information about all changes in the ZBV configuration and in the attached subsidiary systems, as of the time the corresponding release or support package was inserted into the systems. In addition to the date, time and modifier, the evaluation also contains information about the respective model view, the status of the configured system and the action taken (old value and new value). In our example, you will see changes that have occurred in the SCUA transaction, such as creating a model view and adding subsidiary systems, changes made in the SCUG transaction, such as the user adoption, and changes to the distribution parameters in the SCUM transaction.
Efficient SAP rollout through central, tool-supported management
A user is displayed in the results list if one of the two transactions with the corresponding expression is included in its corresponding permission profile. If the logical link were fully linked to OR, a corresponding user would appear in the results list if only one of the four permissions is in the user's master set and thus in the permission profile.

Optional: S_PATH authorization object: If the test identifies 3 additional permissions checks for individual paths for the S_PATH authorization object, these are checked in the fourth step. The access type and the permission group stored in the SPTH table are checked.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Specific persons must be named or at least roles defined in a separate section.

You can also find some useful tips from practice on the subject of SAP authorizations on the page

The advantage of this is that the permissions can be controlled more accurately and you do not run the risk of a job being lost if the user under whom it was scheduled to leave your company once.
SAP Stuff
Zurück zum Seiteninhalt