General considerations
What to do when the auditor comes - Part 2: Authorizations and parameters
Here, the authorizations are either derived from the role menu (through the authorization default values (transaction SU24) or can also be edited manually in expert mode. The individual authorization objects are divided into object classes. For example, the object class AAAB (cross-application authorization objects) contains the authorization object S_TCODE (transaction code check at transaction start) with the authorization field value TCD (transaction code).
They have encountered a role that includes manually maintained organisational levels. Even if you correct the error manually in the role by manually deleting the manually maintained value of the organisation levels in the authorization object, the value in question is not drawn from the organisation level. The AGR_RESET_ORG_LEVELS report allows you to reset these values for the role. The manually maintained organisational data will be deleted, and only the values that have been maintained via the Origen button will be drawn.
Security Automation for HR Authorizations
Every SAP system (ERP) must be migrated to SAP S/4HANA® in the next few years. This technical migration should definitely be audited by an internal or external auditor.
Now the structure must be filled "with life". To do this, you must first create meaningful subfolders in the customer's own structure. As already mentioned, these are mostly based on the SAP modules. Make sure that you also set your customising for additional add-ons, so that later the work of support organisations is easier. Call the transaction SOBJ. There, you create customising objects that will later be reused in your IMG structure. It is useful to name the object exactly as the corresponding table. This simplifies the later maintenance in the IMG structure. Here you also decide whether and how the tables can possibly be maintained in the productive system. To do this, select the appropriate entries in the Category and Transport fields and check the Current setting option. Repeat this for all custom customising tables that are still needed.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
The permissions on database objects show you the details of the user's permissions to access the object.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
The first two problems can be solved by inserting the correction from SAP Note 1614407.