Show overview about security policies (SECPOL)
A security policy is a collection of security policy attributes and their values. This definition replaces the definition of behavior with profile parameters: once a security policy is assigned to a user master record, this determines the desired behavior. The profile parameters are only relevant for those user master records for which no security policy has been assigned.
You can easily view the current settings of security policies in transaction SECPOL individually.
However, there is no tool available which shows the effective settings of all policies in comparison with the current settings of profile parameters. You can use the custom report ZSHOW_SECPOL for this purpose.
You can get this report from GitHub: https://github.com/SAP-samples/security-services-tools
You can either copy&paste the source code or use abapGit to load the whole package.
The reports allows to select up to 20 security policies. (This artificial limitation is based on the layout of the result screen.)
The result shows following columns:
- Attribute type
- Attribute name
- Default attribute value (this value is used if a policy does not define a specific value)
- For each selected policy: Policy attribute value (the specific values are marked in yellow)
- Corresponding profile parameter
- Current profile parameter value (values which differ from the default values are marked in red)
- Kernel default value of profile parameter (this value is identical to the policy default value)
In addition you get a line showing the count of assigned users per policy.
You can navigate to the definition of a security policy by double clicking into the corresponding column.
Limitation: If you navigate from the report to the definition of a security policy, you can view and maintain this policy but you cannot create new ones. Use transaction SECPOL instead to create new security policies.
You can navigate to transaction RZ11 for a profile parameter by double clicking into the corresponding columns.
Online Help – Security Policy Attributes for Logon and Passwords
Online Help – Profile Parameters for Logon and Password (Login Parameters)
SCN Blog – SAP Security policies / Group policies (2013)
Daniel Berlin Blog – A note on SECPOL behavior (2015)
RZ10 Blog – SAP-Passwortregeln: Profilparameter und Security Policies via SECPOL (2019)