FAQ
SAP S/4HANA: Analysis and simple adjustment of your authorizations
Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check. The missing authorization objects will be displayed in "red". You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
Most client programmes are additions to the standard functionalities or variations of the same. Therefore, when you create your own programmes, you can follow the eligibility checks of the standard programmes or reuse the permissions checks used there.
Security Automation for HR Authorizations
Careful preparation is a prerequisite for a successful authorisation check. A functional specification must be created for all customer-specific functionalities. This forces us to think about what the actual requirements of the application are and then describe the possible implementation. In doing so, security-related aspects, such as eligibility testing and allocation, must be taken into account. Define what you can do with this programme and also what you cannot do explicitly! In the case of a permission check, not only the activity to be performed, such as reading, changing, creating, etc. , can be checked. You can also restrict access to records by using specific criteria, such as field content or organisational separators.
The SAP authorization concept also maps the organization of authorizations within the SAP system. The organizational structure defines responsibilities and the authorization hierarchy, while the process organization specifies process steps and the activities and authorization objects required for them in SAP. The authorization concept must therefore be flexible enough to allow future changes in the organization to be implemented quickly and in compliance with the rules.
Authorizations can also be assigned via "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
The programmer of a functionality determines where, how or whether authorizations should be checked at all.
Object Privileges: Object Privileges are SQL permissions that control access to and modification of database objects (as a whole).