Manual authorizations
Concept for in-house developments
Here we present different scenarios for the process of resetting passwords. In all scenarios, the user selects the system and the client in which a password is to be reset from a web page. Only systems and clients where this user already exists and assigned a permission should be displayed. An initial password is then generated and sent to the user's email address. Only if a user lock is set by false logins, the user must be unlocked. If an administrator lock is in place, the user should be informed accordingly. Before implementing self-service, consider the password rules set in your systems and the use of security policies. Because these settings allow you to control how passwords are generated in your systems. We recommend that you read the instructions in Tips 4, "Set Password Parameters and Valid Signs for Passwords", and 5, "Define User Security Policy".
Even the best authorization tools cannot compensate for structural and strategic imbalances. Even a lack of know-how about SAP authorizations cannot be compensated for cost-effectively by means of tools.
Perform Risk Analysis with the Critical Permissions Report
Ensure that permission checks are performed when reference users are assigned. The checks are performed on the permissions associated with the roles and profiles assigned to the reference user. These eligibility tests are also a novelty, which is supplemented by SAP Note 513694.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
Save the file in text format, not in any Excel format.