Beruflich Dokumente
Kultur Dokumente
Tables related with authorization objects and authorization fields are as follows:
♦ TOBJ is the authorization objects table containing the authorization fields for each.
♦ TACT contains the list of the standard activities authorization fields in the system.
♦ TDDAT table is needed for assigning authorization groups to tables used by authorization object S_TABU_DIS.
♦ TSTC is the transaction code table where authorization objects and values can be defined.
♦ TPGP is used for relating application areas with program authorization groups.
♦ USOBT is the standard SAP table that relates transactions with authorization objects.
♦ USOBX is the SAP check table for USOBT containing the transactions and authorization objects.
♦ USOBT_C is a customer table, copied initially from the SAP, which relates transactions with authorization objects.
♦ USOBX_C is the customer check table for USOBT_C containing transactions and authorization objects.
Technical Details: System Profile Parameters for Managing Users & Authorizations
Parameters directly affecting the user management functions are as follows:
♦ login / fails_to_session_end. Indicates the number of times that a user can enter an incorrect password before the
system closes the logon window. The default value is 3, but you can set it to any value between 1 and 99.
♦ login / fails_to_user_lock. This parameter sets the number of times a user can enter an incorrect password before the
system automatically locks the user out. If this happens, the user is automatically unlocked at midnight. The default value
is 12. Possible values are from 1 to 99.
♦ login / system_client. Sets the default system client. This client is automatically filled in the client field of the logon
screen, although users can overwrite it.
♦ login / min_password_lng. Specifies the minimum password length. Default value is 3, but you can specify any value
between 2 and 8.
♦ login / password_expiration_time. Indicates in number of days the period of validity for passwords. When the
expiration time arrives, the user is asked to enter a new password.
♦ login / no_automatic_user_sapstar. Disables special properties for user SAP* when this parameter is set to a value
greater than 0.
♦ rdisp / gui_auto_logout. Specifies the number of seconds a user session can be idle (SAPGUI does not transfer or
communicate with the application server) before being automatically logged off by the system. This parameter is
deactivated by setting the value to 0. By default, this option is not activated.
♦ auth / no_check_in_some_cases. This parameter is set to switch off special authorization checks by customers, and is
the main parameter for activating the Profile Generator tool. Values can be either Y (yes) or N (no).
♦ auth / no_check_on_tcode. If this parameter is set to value Y (yes), then the system does not perform an authorization
check on object S_TCODE.
To make the parameters globally effective in a SAP system, set them in the default profile, DEFAULT.PFL.
To make them instance specific, you must set them in the profiles of each application server in your SAP system.