Authorization check
Set Configuration Validation
There are several ways to view the implementation of permission checks: Either you jump directly from the system trace for permissions to the appropriate locations in the programme code, or you go over the definition of the authorization objects. To view the permission checks from the permissions system trace, start the trace from the STAUTHTRACE transaction and run the applications you want to view. Now open the evaluation of the Trace. In the Programme Name column, you can see the programme that includes the Permissions Check. Double-click to go directly to the code site where the permission check is implemented.
The high manual maintenance effort of derived roles during organisational changes bothers you? Use the variants presented in this tip for mass maintenance of role derivations. Especially in large companies, it often happens that a worldwide, integrated ERP system is used, for example, for accounting, distribution or purchasing. You will then have to limit access to the various departments, for example to the appropriate booking groups, sales organisations or purchasing organisations. In the permission environment, you can work with reference roles and role derivations in such cases. This reduces your administrative overhead for maintaining functional permissions and reduces the maintenance effort for role derivations to adapt the so-called organisational fields. However, maintaining the organisational fields can mean enormous manual work for you, as the number of role derivations can become very large. For example, if your company has 100 sales organisations and 20 sales roles, you already have 2,000 role outlets. Here we present possible approaches to reduce this manual effort.
Reset Manually Maintained Organisation Levels to Roles
Very often the question then arises, does anything have to be prepared for the audit? As a rule, all of the company's own notes from previous years should be retrieved and combed through for information that was noted at the time during the discussions with the IT auditor. The IT auditor's findings and comments that show potential for improvement in IT-relevant processes or system settings are particularly essential. Furthermore, any reports by the auditor from the previous year should also be taken into account, in which deficiencies identified at that time were pointed out.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
When using a common standard solution (e.g. SAP Access Control), a corresponding maintenance view is usually offered.