Concept for in-house developments
Grant permissions for SAP background processing
To do this, first define what information should be checked. In the SU20 transaction, verify that the required fields may already exist as permission fields. If you want to check custom fields, you must create your own permission fields in the transaction SU20. Please pay particular attention to the (F4) help provided. When defining customised permission fields, you assign a name in the Field Name field that is in your Customer Name Room and assign the corresponding data element and, if desired, a table name for a value help. The next step is to create your own authorization object and assign your permission fields and, if necessary, default permission fields. If you use the ACTVT field to validate the activity, you must use the Activities allowed button to select the activities that you want to validate from the source code of your programme. For recommendations on the naming conventions for authorization objects, see SAP Note 395083.
If a user does not have a print permission for an output device (S_SPO_DEV privilege object), an instant print flag may be rescinded, which means that a spool job created during the job step would not print immediately. If archive parameters are passed when scheduling a step, a check is performed on the object S_WFAR_PRI. If the Step user does not have a matching permission, an error message is displayed.
SAP Authorizations - A Common Perspective of Developers and Consultants
You want to maintain suggestion values for existing applications, but are you tired of the time-consuming manual maintenance? There's a new way! Maintenance of proposed values can vary greatly depending on company specifications or security guidelines. Depending on the requirements, the suggested values provided by SAP may be sufficient or need to be supplemented.
You can still assign roles and profiles to a user if you have the appropriate permissions to these activities. As long as no user group is associated with the user, permissions for any user group will be sufficient. If you assign a user group to the newly created user, all the checks will be repeated for that user group.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Every large company has to face and implement the growing legal requirements.
Certain SAP authorizations, including those for table maintenance (S_TABU_*) require special attention for data protection reasons.