Our services in the area of SAP authorizations
Analyse and evaluate permissions using SAP Query
Additional permission check on the S_RZL_ADM authorization object: For security reasons, an additional permission check is performed on the S_RZL_ADM authorization object for special PSE (Personal Security Environment) files with access type 01 (Create). These files are called *.pse and cred_v2. These files are required for single sign-on, encryption and digital signatures. They are maintained using the transaction STRUST and the transaction STRUSTSSO2, which require the same permission (see SAP Note 1497104 for details).
The following sections first describe and classify the individual components of the authorization concept. This is followed by an explanation of which tasks can be automated using the Profile Generator.
Calling RFC function modules
To define table permissions in the PFCG transaction, it is not necessarily sufficient to specify the generic table display tools, such as the SE16 or SM30 transactions, in the role menu. The proposed values for these transactions are very general and only provide for the use of the S_TABU_DIS or S_TABU_CLI authorization objects. Explicit values must be entered depending on the tables that you have selected for permission. To explicitly grant access to the tables through the S_TABU_NAM authorization object, you can create a parameter transaction for each table access. For example, a parameter transaction allows you to call tables through the SE16 transaction without having to specify the table name in the selection screen because it is skipped. You can then maintain suggestion values for the parameter transaction you created.
Authorizations can also be assigned via "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
In the worst case, criminal activity can cause economic damage.