SAP Authorizations Lack of definition of an internal control system (ICS)

Lack of definition of an internal control system (ICS)
What to do when the auditor comes - Part 2: Authorizations and parameters
You will need to adapt the template to your organisation's circumstances: you will probably have to define where certificates are stored, depending on the naming convention for your users, and adjust the certificate verification. This verification ensures that no certificate that already exists is added by the template and that only one certificate is entered per e-mail address. The check is necessary because sending an encrypted e-mail is cancelled if more than one valid certificate is found for an e-mail address. You can handle mass imports of certificates with this customer-specific programme. In addition, you will need to define a way to manage certificates in your organisation, i.e. how changes to certificates are transferred to the SAP system.

To transport this table entry, go to the object list of the transport request in transaction SE09 and manually create an entry there with the object key R3TR TABU KBEROBJ. Double-click the key list to reach the maintenance screen, where you have to create an entry with *. This will transport all entries in the KBEROBJ table starting with a space. You must then promote the RESPAREA field to an organisational level. Please follow the instructions in our Tip 49, "Add New Organisation Levels". If you use more than one cost centre or profit centre hierarchy with inheritance logic for the authorizations, you must set this in Customizing for the controlling areas through transaction OKKP. There you can decide in the year-independent basic data which hierarchies you want to use. In the basic data for the year, you then define which hierarchies should be used per fiscal year. You can use up to three hierarchies for assigning authorizations for cost centres and profit centres.
Basic administration
Other dangers include admins simply copying user roles, not having control processes for permission assignments, or not following the processes over time. In this context, two things should be clarified: Which SAP user is allowed to access which data? How do the roles differ (especially if they are similar)?

However, the preferred and more comprehensive variant of a programmatic authorization check is the AUTHORITY_CHECK_TCODE function module. This function module not only responds to a missing authorization when the programme starts, but also ensures that only the NO-CHECK indicators maintained in transaction SE97 allow an external call from another transaction context. This is determined by the function module and not by the developer.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.



Standard programs / transactions of an ERP system are already equipped with these objects during the initial installation.



The same applies to the concept of data ownership.