SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
Communication User
The most important security services regarding permissions are the EarlyWatch Alert (EWA) and the SAP Security Optimisation Service (SOS). You compare the settings in your SAP systems with the recommendations of SAP. Both services are delivered as partially automated remote services; You can also use the SOS as a fully automated self-service. The EWA and SOS shall carry out eligibility tests, the results of which shall always be as follows: The heading indicates the check in question. A short text describes the importance of the audited entitlement and the risk of unnecessary award. A list indicates the number of users with the validated permission in the different clients of the analysed SAP system. The SOS also allows you to list the users. In the SOS, a recommendation is made for each check to minimise the identified risk. A final formal description represents the checked permissions. However, not only the explicitly mentioned transactions are evaluated, but also equivalent parameter or variant transactions.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
By default, the transactions from the role menu can be found here as derived authorization values. Over the value assistance (F4) can be called partially the available functions fields to these field.
Customizing
Another special feature of the role menu is the maintenance of object-based navigation. If a call to a transaction has been executed through a button in a Web Dynpro application, you must make the Object-based Navigation settings for the transaction to call. To do this, select the appropriate item in the (F4) Help. You may need to ask the developer of the application for navigation information.
Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
In the SAP system, you can create derived roles for specific fields in authorization objects.
A text file is now created under the appropriate path, containing the desired format with the input parameters.