Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

HI

HI,

Can any tell me that is there any difference in security part when compared between r34.7 and ecc5.0,ecc6.0.

IS there any screen changes or procedure changes.

Thanks,

sree

Former Member replied

Hi Sreekanth,

A few new things in ECC 5.0:

An improved Central User Administration is available to you as of SAP NetWeaver '04. In particular, the following functions have been improved or added:

Central User Administration (CUA). These changes have also previously been delivered by SAP Note.

- The partner profiles and the corresponding Application Link Enabling model are automatically created when creating the CUA.

- The synchronization of the company addresses has been integrated into the transaction Central User Administration Structure Display (user migration).

- The improved RSDELCUA significantly simplifies the removal of the CUA.

- The log display of the central user administration (CUA) for checking the status of IDoc distribution has a new, user-friendly interface. Performance when starting has also been significantly improved. You can also update the display in the result list, and select and distribute multiple users there.

For more information, see the SAP Library under SAP NetWeaver Components -> Security-> Identity Management -> Users and Roles -> Central User Administration.

Improvements to the User Master Comparison (transaction PFUD)

To improve the operability of transaction PFUD, the selection options were modified on the selection screen:

- The option Manual Selection of Profiles has been removed.

- The Complete Reconciliation option has been replaced with Perform User MasterComparison, with which you can execute the transaction in dialog.

- The newly structured selections creen allows you to select four processing modes separately in dialog; profile comparison, composite role comparison, HR organizational management comparison, and cleanups.

- The Replicate Local HR Assignments in the CUA Central System has been extended. You can choose this option if you are in a child system of a CUA, and HR organizational management is active. Indirect role assignemnts, which result from the local HR model are transferred to the CUA central system for information, and can be displayed in user maintenance there.

For more information, see the SAP Library under SAP NetWeaver Components -> Security-> Identity Management -> Users and Roles -> User Maintenance -> User Maintenance Functions -> Comparing User Master Records.

Statistical Functions in the Menu Maintenance for Role Maintenance (Transaction PFCG) The function Menu Statistics is now available on the Menu tab page. It provides information about the number of menu nodes and hierarchy levels. The system also differentiates between different types (folders, transactions and reports, URLS) for the number of nodes.

- New and Changed Reports in the User Information System (Transaction SUIM)

- The evaluation report RSUSR200 offers the extended selection criteria By User Type, By Validity of the User and By User Status.

For more information, see the SAP Library under SAP NetWeaver Components -> Security -> Identity Management -> Users and Roles -> User Information System -> Determining Users with the Users Node.

The new evaluation report RSSCD100_PFCG for determining change documents provides more selection options than report RSSCD100, which it replaces. This means that you receive a clear results list without unnecessary data.

For more information, see the SAP Library under SAP NetWeaver Components ->

Security -> Identity Management -> Users and Roles -> User Information System

-> Determining Change Documents.

Evaluation report RSUSR010 was extended so that you can determine which transactions can be started with a particular composite or single role.

For more information, see the SAP Library under SAP NetWeaver Components -> Security -> Identity Management -> Users and Roles -> User Information System -> Determining Transactions.

You can use Customizing switches to specify for the password generator in user maintenance (transactions SU01 and SU10) whether the passwords should contain special characters, and the maximum numbers of letters and numbers that are to be contained in the passwords.

The following new Customizing parameters, which you maintain in table PRGN_CUST are

introduced for this purpose:.

- GEN_PSW_MAX_LETTERS (Maximum number of letters in generated password)

- GEN_PSW_MAX_DIGITS (Maximum number of numbers in generated password)

- GEN_PSW_MAX_SPECIALS (Maximum number of special characters in generated password)

For more information, see the SAP Library under SAP NetWeaver Components -> Security -> Identity Management -> Users and Roles -> User Maintenance -> Logon and Password Security in the SAP System -> Customizing Switches for Generated Passwords.

The authorization concept in the area of user and role administration has been refined by the introduction of the new authorization object S_USER_SAS and the adjustment of the existing authorization objects. With authorization object S_USER_SAS, you can make system-specific assignments in the user maintenance transactions (SU01 and SU10), the role maintenance transaction (PFCG) and the User Master Data Reconciliation (PFUD), and check the BAPIs of the Business Object USER.

For more information, see SAP Note 536101 and the SAP Library under SAP NetWeaver Components -> Security -> Identity Management -> Users and Roles -> SAP Authorization Concept -> Organizing Authorization Administration -> Organization if You Are Using the Profile Generator -> Authorization Objects Checked in Role Maintenance.

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

Santosh

0 View this answer in context

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question