Sustainably protect your data treasures with the right authorization management
Maintain transaction start permissions on call CALL TRANSACTION
Depending on the transaction invoked, the application can be more granular checked by this additional permission check. Therefore, transactions that are called with additional parameters might require more than one authorization object and must be protected programmatically. The following listing shows an example of a permission check that ensures that the logged-in user has the permission to start the SU24 transaction.
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
A concept for SAP authorizations prevents system errors and DSGVO violations
The SAP authorization concept must generally be created in two versions: for the ABAP stack and for the Java stack. Which roles are required, which role may call which SAP functions, and other conceptual issues are identical. However, there are fundamental differences between the two versions.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
The CALL TRANSACTION ABAP command does not cause a transaction startup permission check.