SAP R/3 Security Quick Reference

General Terms for Security
Authorization Object - Lowest level of SAP access. Used to assign access values to system elements.
Authorization - A set of values for the fields in an authorization object. For a given authorization object, there can be any number of authorizations. User authorizations are held in profiles identified in the user master record.
Authorization Field - An element of the system that is to be protected by an access test. Fields are entered in authorization objects and in AUTHORITY-CHECK calls. For example, common fields include activity, company code and authorization groups.
Object Class - Authorization Objects are divided into classes by SAP module.
Profile - Second level in security hierarchy. Authorizations are assigned to profiles to create access to specific SAP functionality. Profiles can also be combined into composite profiles.
Users - Highest level of security hierarchy. Profiles and Composite Profiles are assigned to Users for access to perform their jobs.
User Group - The user master records are maintained by the same user security administrator. A user master record that is not assigned to a group can be altered by any user administrator.
Administration Module - The Administration module is the main area of use for the SAP Administrator. It controls Security, Printer (Batch Jobs) and User monitoring.
Transaction - A sequence of steps that makes up a logical unit of work. It can be made up of one or several screens and will be concluded with a system message informing the user of the results.
Transaction Code - A field of four characters identifying a transaction when entered in the command field or when a menu option is selected. For example, SM31 is the code for the Table Maintenance transaction.
Naming Convention - The rules defined by an organization for assigning names to system objects such as programs, profiles, authorizations, etc.

Security Administration Menu Paths
Users: Initial Screen: Transaction Code SU01
    Tools > Administration > User Maintenance > Users

Profiles: Initial Screen: Transaction Code SU02
    Tools > Administration > User Maintenance > Profiles

Maintain Authorizations: Transaction Code SU03
    Tools > Administration > User Maintenance > Authorization

System Message Create: Transaction Code SM02
    Tools > Administration > Administration > System Messages

Log of Users on System: Transaction Code SM04
    Tools > Administration > Monitoring > System Monitoring > User Overview

System Log of Messages: Transaction Code SM21
    Tools > Administration > Monitoring > System Log

Printing Controls: Transaction Code SP01
    Tools > Administration > Spool > Output Controller

Control of Batch Jobs: Transaction Code SM35
    System > Services > Batch Input > Edit

General Table Display: Transaction Code SE16
    Tools > ABAP/4 Workbench > Overview > Data Browser

Table Maintenance: Transaction Code SM31
    System > Services > Table Maintenance

Control of Background Jobs: Transaction Code SM37
    System > Services > Jobs > Job Overview

Maintenance of Table USOBT: Transaction Code SU22
    Tools > ABAP/4 Workbench > Development > Other Tools
    Goto > Tcode Assignment

ABAP Program Development: Transaction Code SE38
    Tools > ABAP/4 Workbench > Development > ABAP/4 Editor

Maintain Transaction Codes: Transaction Code SE93
    Tools > ABAP/4 Workbench > Development > Other Tools > Transactions

Add Authorization Objects: Transaction Code SU21
    Tools > ABAP/4 Workbench > Development > Other Tools > Authorization Objects > Objects

Transport Utility: Transaction Code SE01 (use SU02 for version 2.2)
    Tools > Administration > User Maintenance > Profiles
    Enter Profile Name, and Choose Menu Option Profile > Transport

Workbench Organizer Utility: Transaction Code SE09
    Tools > ABAP/4 Workbench > Overview > Workbench Organizer

Display Authorization values for failed Authorization:
    Type Transaction Code SU53 in the command field at point of denied Authorization

System Trace: Transaction Code ST01 (use SE30 for version 2.2)
    Tools > Administration > Monitoring > Traces > System Trace

Basic Function Keys
Save: Click on the folder icon to save
Back One Screen: Click on the green arrow to return back one screen
Enter: Click on the green check mark
Possible Entries: Click on the magnifying glass to display possible entries
Display: Click on the eye glasses icon to display
Help Menu: Click on the question mark to reference the SAP help menu
Return to the top of SAP: Click on the yellow arrow
Change User Defaults: Transaction Code SU50
    System > User Profile > User Defaults
Change User Addressee: Transaction Code SU51
    System > User Profile > User Addressee
Customize SAP screen: To customize the SAP screen, click on the exclamation point in the upper-left corner of the screen
Log Off: Click on the yellow arrow twice or System > Log Off

Table Names: (use SE16 or SM31)
USR01   User Master Records
USR02   User ID and Passwords
USR10   Authorization Profiles
USR11   User Master Profiles & Descriptions
USR12   User Master Authorization Values
USR13   Authorizations Descriptions
USR40   Impermissible passwords
USH02   Change History for Log-on Data
USH04   Change History for Authorizations
USH10   Change History for Auth. Profiles
USH12   Change History for Auth. Values
TACT    Activities that can be protected
TSTC    Transaction Listing
TSTCT   Transactions with Description
TSTCA   Values for Tcode Authorizations
TDDAT   Table Authorization Groups
TOBJ    Authorization Objects
TOBJT   Auth. Objects and Descriptions
TOBC    Auth. Object Classes
TOBCT   Auth. Object Classes & Descriptions

Program/Report Names: (use SE38)
RSPARAM    Display the system profile parameters
RSCLASDU   Display list of Client-Independent tables
RSCLACOP   Copy auths, profiles & users between Clients in an instance
RSREGEN    Regenerate all ABAP/4 programs
RSPROFIL   List Profile Directory

