List of required organisational levels and their value
Even if key users (department users/application support) do not have to develop their own authorization objects and cooperation with SAP Basis is always advantageous, there are often technical questions such as "Which users have authorization to evaluate a specific cost center or internal order?
Have you ever wondered who has critical permissions in your system? Have you lacked the tool and approach to identify these users? The user system in an SAP system is always connected to a permission assignment. Over the life cycle of a user in the SAPS system, more and more permissions are accumulated if they are not withdrawn once they are no longer needed. This accumulation is bound to result in users being able to perform more actions than you would like as the permission administrator. To avoid this, we want to give you a suitable tool.
Now the SAP system is basically able to encrypt emails. However, the system still lacks the recipient's public key. You can manage the required public key information in the Trust Manager's address book. You can find the address book in the Transaction STRUST menu under Certificate > Address Book. Here you can import individual certificates by selecting the corresponding certificate in Certificate > Import Certificate. To get the certificates for all relevant users in this address book via a mass import, use the example programme Z_IMPORT_CERTIFICATES appended in SAP Note 1750161 as a template for a custom programme.
Search for user and password locks
We now want to describe the necessary settings in the sending application using the example of encrypted sending of initial passwords. To implement this requirement, you can use the BAdI BADI_IDENTITY_UPDATE. This BAdI is also only available via a support package starting from SAP NetWeaver AS ABAP 7.31. For details on the relevant support packages, see SAP Note 1750161. To implement the BAdIs, use the transaction SE18; there you can also see the example class CL_EXM_IM_IDENTITY_UPDATE. For the BAdI BADI_ IDENTITY_UPDATE, you must implement the SAVE method to the IF_BADI_IDENTITY_UPDATE interface.
Every large company has to face and implement the growing legal requirements. If the use of an authorization concept is to be fully successful on this scale, the use of an authorization tool is unavoidable. For medium-sized companies, the use of an authorization tool is usually also worthwhile. However, decisions should be made on a case-by-case basis.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Users of the report are often unsure about what this report actually displays, because the results do not necessarily correspond to the eligible transactions.
In this way, you can not only clean up your SU24 values, but at the same time achieve a high-performance starting position for role and authorization administration.