Do not assign SAP_NEW
Security in development systems
If you have developed your own permission checks to use them in your own programmes or to make extensions to the SAPS standard, it is essential that you maintain the Z authorization objects as suggestion values for the respective applications. Thus, they do not have to be reworked manually in the respective roles. In addition, you have created a transparent way to document for which applications your customer's permissions are available. Last but not least, a well-managed suggestion value maintenance helps you with upgrade work on suggestion values and PFCG roles. This ensures that your changes and connections to the respective PFCG roles are retained and new permissions checks for the new release are added to the applications.
Finally, you must evaluate and implement the results of the preparatory work. The overview allows you to determine which user needs which function groups or function blocks and to set up the permission roles accordingly. You can exclude calls to Destination NONE from your evaluation because these calls are always internal calls to RFC function blocks. In this context, we recommend that you check the mappings for critical function blocks or functional groups.
Law-critical authorizations
This also implies that the change documents must be kept in Excel. The Excel file must not be lost or damaged.
In addition, critical commands should be prohibited from the outset. Examples are EXEC SQL, which allows direct access to database tables bypassing certain security mechanisms, and CLIENT SPECIFIED, which allows access to data in other clients.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
The Maintenance Status allows you to determine how the authorization object entered the role and how it was maintained there.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Some of these solutions do not use the derivation concept; This has the advantage that the organisational matrix is not limited to organisational fields.