Note the maintenance status of permissions in roles and their impact
Debug ABAP programs with Replace
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data. This data can be displayed using transaction ST03N, for example. Access authorizations to the two types of data mentioned above should be assigned only very restrictively.
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors. In most cases, the different rules according to which the risks of SAP authorizations are assessed are problematic.
SAP Authorizations - A Common Perspective of Developers and Consultants
Authorizations in a company are usually not assigned to individuals, but to roles. A role describes jobs or positions within the organization. One or more persons can hold a role and thus have the access authorizations assigned to the role. The authorization profile (the number of authorizations) of a role contains all authorization objects that are required to execute the transactions. By means of a profile generator (transaction PFCG) the creation of the authorization profile can be automated in SAP.
The programmer of a functionality determines where, how or whether authorizations should be checked at all. In the program, the appropriate syntax is used to determine whether the user has sufficient authorization for a particular activity by comparing the field values specified in the program for the authorization object with the values contained in the authorizations of the user master record.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
You can implement the first request for additional verifications when performing document transactions by using document validation.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
In this way, you can not only clean up your SU24 values, but at the same time achieve a high-performance starting position for role and authorization administration.