SAP Security: Critical Authorization Objects
SAP Security: Critical Authorization Objects
1. S_TABU_DIS: This authorization object enables authorization check for displaying or modifying the table content. For accessing the table data, users use SE16, SM30 or SM31 transaction codes. This object contains two fields, DICBERCLS (authorization group) and ACTCT.
2. S_RFC: This authorization object enables authorization check for remote function call to access program modules (function modules). This authorization object contains three fields, RFC_TYPE, RFC_NAME and ACTCT.
3. S_DATASET: This authorization object enable file access at operating system level. This gives permission to access files from ABAP programs. This object contains three fields, File name, Program and Activity.
4. S_ADMI_FCD: This authorization objects enable access to various administrator activities like system monitoring, spool administration, client creations, update administration etc. This object contains one field, system administration functions.
5. S_DEVELOP: This authorization object enable access to ABAP development activities. This object contains five fields, Package, Object Name, Object Type, Authorization group for ABAP programs and Activity.
6. S_PROGRAM: This authorization object enable access to execute ABAP programs. This object contains two fields, User action and Authorization group for ABAP programs.
7. S_BTCH_ADM: This authorization object enable access to background processing. With this authorization, administrator can access background jobs from all the clients and able to perform all activities on background jobs. This object contains one field, Background Administrator ID.
8. S_CTS_ADMI: This authorization object enable access to change and transport system. With this object administrator can perform all transport related activities, can maintain system change options. This object contains one field, Administrator task for change and transport system.
Comments
Post a Comment