Security in development systems
Preventing sprawl with the workload monitor
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors. In most cases, the different rules according to which the risks of SAP authorizations are assessed are problematic.
Keep in mind that client-independent tables marked for logging are always logged when the parameters are not set to OFF. In addition to the parameters listed here, the table itself must also have the table logging flag set; this is usually done with transaction SE13. The settings are made in the development system and then transported to the other systems. The SAP standard already marks some tables for logging; for an overview of these tables, see SAP Note 112388 (tables requiring logging). You can evaluate the logging settings of the tables using the RDDPRCHK report or the RDDPRCHK_AUDIT transaction in the SAP system. The selection is made on the initial screen of the report, e.g. by table name or by the logging options.
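The two conditions described above (logging parameter not OFF, plus the logging flag on the table itself) can be modelled as a small audit check. This is an added example, not code from the original page or from SAP; it assumes the profile parameter is rec/client with the values OFF, ALL or a comma-separated client list, and the table rows are constructed placeholders rather than an RDDPRCHK export.

```python
# Added example: models the two conditions for SAP table logging.
# Assumption: parameter rec/client takes OFF, ALL, or a client list such as "000,200".
from dataclasses import dataclass

@dataclass(frozen=True)
class Table:
    name: str
    log_flag: bool           # logging flag set in the technical settings (SE13)
    client_dependent: bool   # False for client-independent tables

def parse_rec_client(value):
    """Return 'OFF', 'ALL', or a frozenset of three-digit client numbers."""
    v = value.strip().upper()
    if v in ("", "OFF"):     # an empty value is treated as OFF here
        return "OFF"
    if v == "ALL":
        return "ALL"
    clients = frozenset(c.strip() for c in v.split(",") if c.strip())
    bad = sorted(c for c in clients if not (c.isdigit() and len(c) == 3))
    if bad:
        raise ValueError(f"invalid client in rec/client: {bad}")
    return clients

def is_logged(table, client, rec_client):
    """Both conditions must hold: parameter active and table flag set."""
    mode = parse_rec_client(rec_client)
    if mode == "OFF" or not table.log_flag:
        return False
    if not table.client_dependent:
        return True          # client-independent: logged whenever not OFF
    return mode == "ALL" or client in mode

def audit(tables, required, client, rec_client):
    """List required tables whose changes would not be logged in this client."""
    by_name = {t.name: t for t in tables}
    findings = []
    for name in sorted(required):
        t = by_name.get(name)
        if t is None:
            findings.append((name, "not found in table list"))
        elif not is_logged(t, client, rec_client):
            reason = ("log flag not set" if not t.log_flag
                      else "rec/client is OFF or excludes client")
            findings.append((name, reason))
    return findings

# Constructed sample data (table names are placeholders).
TABLES = [Table("ZCLIENT_DEP", True, True), Table("ZCROSS", True, False),
          Table("ZNOFLAG", False, True)]
REQUIRED = {"ZCLIENT_DEP", "ZCROSS", "ZNOFLAG", "ZMISSING"}
```

With rec/client set to "000,200" and client 100 under review, the client-independent table ZCROSS is still logged, while the client-dependent ZCLIENT_DEP is reported as a gap.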
Authorization roles (transaction PFCG)
Do you want to monitor the security settings of your systems automatically and receive convenient evaluations? We will explain how to use configuration validation. If you operate a large SAP system landscape, keeping control of the many different security settings can be complex. You define your security requirements for the entire SAP system landscape; they concern, for example, the settings of the profile parameters, the handling of security notes, or critical permissions that may only be assigned to emergency users. You can define these requirements in the SAP Solution Manager Configuration Validation application and evaluate compliance with them in all systems.
An overview of the information currently relevant to your system landscape can be obtained from the System Recommendations application in the Change Management section of SAP Solution Manager (transaction SOLMAN_WORKCENTER or SM_WORKCENTER). This application provides you with recommendations on the SAP and non-SAP notes to be implemented for the evaluated systems.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
This directly regulates access to the tables via table permission groups or, if access is not allowed through table permission groups, via the table permission (see Tip 73, "Use table editing authorization objects").
Today, this is possible with the security guidelines that you assign to users and clients.