SAP Authorizations Handle the default users and their initial passwords - SAP Basis

Direkt zum Seiteninhalt
Handle the default users and their initial passwords
Copy values from the Clipboard to the transaction's PFCG permission fields
The evaluation performance of the Security Audit Log was optimised from SAP NetWeaver 7.31. For this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1810913.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.

Due to the complexity of an SAP® authorization concept, it is necessary that all essential aspects are set down in a written documented authorization concept. This should describe the essential processes, but also how to handle the assignment of authorizations via roles. In particular, the nomenclature of specially created roles must be clearly defined. It should therefore be checked whether all changes since the last audit have been documented in the written authorization concept. After all, this document serves the auditor as a template for the so-called target/actual comparison. This means that the auditor compares the document with the actual status in the SAP® system for the main topics relevant to the audit. Any discrepancy can lead to a finding that must be avoided.
Make sense in maintaining proposal values
To establish an efficient and consistent structure in the area of SAP authorization management, function-related role and authorization assignments are the be-all and end-all. In addition, the existing authorization concept must be constantly analyzed for changes and security-relevant errors through proactive monitoring. This prevents negative and highly security-critical effects on your entire system landscape. To make this task easier for you, Xiting provides you with a comprehensive analysis tool, the Xiting Role Profiler. In addition, you can perform a basic analysis in advance, which will also be the main focus of this blog. The goal is to show you SAP standard methods with which you can already independently optimize your authorization and role administration.

This report not only gives you an overview of the table logging settings in the tables, but also allows you to select multiple tables for logging. The Log flag button allows you to set the table logging check for all previously selected tables. The current status of the table loggers for the tables can be found in the Protocol column. The icon means that the table logger for the selected table is off.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

However, since in SAP CRM the user IDs are not directly assigned to a post, but via the business partner, you have to make adjustments to the evaluation paths before you can assign the roles indirectly.

In addition, with the permission proposal value maintenance, you can make sure that the new authorization object is not forgotten in a role system, because it is now loaded automatically into the PFCG role when the application is called up via the role menu.
SAP BASIS
Zurück zum Seiteninhalt