Optimise trace analysis
Use Central User Management change documents
To release jobs - own jobs or jobs of other users - a permission for the object S_BTCH_JOB with the expression JOBACTION = RELE is still required. In running operations, scheduled batch jobs may be cancelled because a step user is deleted or locked. With the help of the BTCAUX09 programme, you can check jobs as an administrator to see if they can be cancelled in the future. If you want to run these jobs under another step user, you can change them either with the transaction SM37 or with the report BTC_MASS_JOB_CHANGE.
SAPCPIC: SAPCPIC is not a dialogue user, but is used for EDI usage in older releases (EDI = Electronic Data Interchange); in default, SAPCPIC has permissions for RFC access. However, you should not use this user for them, nor for batch processes, but you must create other users for these applications. Safeguard measures: Lock down the user, change the password, assign it to the SUPER user group and log it with the Security Audit Log.
How to analyze roles and authorizations in the SAP system
The permission check for the S_PATH object is performed as described only for files corresponding to a path with a permission group in the SPTH table. In our example, you should grant permission for the S_PATH object with the value FILE in the FS_BRGRU field to access files with the path /tmp/myfiles*. Note that the authorization object only distinguishes two types of access. These two values summarise the access types of the S_DATASET authorization object. The value Modify corresponds to the values Delete, Write, and Write with Filter; the value View corresponds to Read and Read with Filter.
Authorizations are used to map the organizational structure, business processes and separation of functions. Therefore, they control the access options of users in the SAP system. The security of business data depends directly on the authorizations assigned. For this reason, the assignment of authorizations must be well planned and executed in order to achieve the desired security.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
We would like to facilitate the creation of roles for these permissions by explaining to you which activities are necessary in advance to define the RESPAREA field as an organisational level.
Describing all configuration options would exceed the scope of this tip.