SAP Authorizations Optimise trace analysis - SAP Stuff

Direkt zum Seiteninhalt
Optimise trace analysis
Managed Services
You must set up a message class for later use. To do this, you will be prompted automatically when the transaction GGB0 is first called. If some relevant fields of the complete document are hidden, i.e. not available, please refer to the instructions in the SAPHinweis 413956. Set up validation in the GGB0 transaction (such as GALILEO) and determine the steps of validation. In the validation process, copy the RGGBR000 programme into your Customer Name Room, replacing the last three characters with the number of the client in which the validation will be performed. Then assign your new customer-owned programme with the GCX2 transaction to the GBLR user exit control workspace. This assignment has created the prerequisite for client-dependent user exits. If you want to set up a client-independent user exit, do the same, but use the transaction GCX1.

The selection mask for selecting change documents in the transaction SCUH is divided into four sections: Standard selection (similar to other SUIM reports), output, selection criteria, and distribution parameters. In the default selection you have the option to specify for which model view, for which modifier (Modified by) and for which time period you want to view change documents.
Perform upgrade rework for Y landscapes permission proposal values
When you select the row with the parameter transaction you created and click on the Suggest values button, the S_TABU_NAM authorization object is automatically created with the correct suggestion values, i.e. the table name in the transaction SU24. Check these suggestion values by clicking Yes in the S_TABU_NAM column. You will now end up in a view from the transaction SU24 and can check in the tables authorization objects and Permission Proposition Values (for all authorization objects) which changes to the object S_TABU_NAM have been made automatically. For more information and implementation guidance, use SAP Note 1500054. The SAP Note also provides the SUSR_TABLES_WITH_AUTH analysis report, which specifies table permissions for users or individual roles. This report checks at user or single-role level which tables have permissions based on the S_TABU_DIS or S_TABU_NAM authorization objects. The report does not check whether the user has the transaction startup permissions that are also necessary, such as S_TCODE. For example, if you check what table permissions a particular user has based on the S_TABU_DIS authorization object, you will receive information about the table names, the associated table permission group, and the eligible activities. Granting permissions to access tables directly is flexible and useful, and is not recommended unless the mechanism is hammered out by giving the user general table access through generic maintenance tools.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".

Before starting to read the data from the database, a DUMMY check can be used to quickly determine whether the user is authorized to access part of the data.

SAP Stuff
Zurück zum Seiteninhalt