Conclusion
Making the RESPAREA responsibility the organisational level
When considering the security of SAP transport landscapes, it is not only the production system that is relevant for auditing. The other systems, including the development systems, must also be included in the risk considerations. The SAP_ALL profile is still frequently used there instead of concrete roles. This article identifies the main risk areas.
The Enable Transport Recording button allows you to save the changes in the roles on a transport order. For information on the validity of the PFCG_ORGFIELD_ROLES report, see SAP Note 1624104.
Make sense in maintaining proposal values
In addition, you must note that you may not execute this report on systems that are used as a user source for a Java system. This is due to the fact that a login to the Java system will only update the date of the last login to the ABAP system if a password-based login has taken place. Other Java system login modes do not update the date of the last ABAP system login.
In addition, you can also define customised permission checks in the SOS and also define combinations of authorization objects and their values. You can create up to 1,000 custom permissions checks in the Check ID namespace 9000 to 9999. You can also redefine whitelists for these permission checks, which apply to either individual or all of the customer's permission checks. The configuration is described in SAP Note 837490.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
On www.sap-corner.de you will also find useful information about SAP basis.
The following security settings can be monitored using configuration validation: Gateway settings, profile parameters, security notes, permissions.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
This is determined by the function block and not by the developer.