Sustainably protect your data treasures with the right authorization management
Analyzing the quality of the authorization concept - Part 1
Typically, this includes permissions that can be used to delete change records in the system or electronically erase them. The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.
Add SAP Note 1433352 to your system. This note ships with the RSAUDIT_SYSTEM_STATUS report. This report documents the current status of the Client and System Modification Settings in an overview, which you can also print out for evaluation if required. The advantage of this report is that pure display permissions are necessary to execute it.
Assignment of critical authorizations and handling of critical users
User master record - Used to log on to the SAP system and grants restricted access to SAP system functions and objects via the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including authorizations. Changes only take effect the next time the user logs on to the system. Users already logged on at the time of the change are not affected by the changes.
The function block was obviously not intended for this use, but our procedure does not affect the programme process and we are not aware of any limitations resulting from this use. You can also apply this procedure to other BTEs that pass data in a similar form. However, you should always exercise caution and check whether the application has already created sum records or whether there are other dependencies. Finally, you will need to create a product you have developed (you can define the name yourself) in the FIBF transaction and assign it to Business Transaction Event 1650 along with the customer's own function block, as shown in the following figure. A custom product may include several enhancements. It forms a logical bracket around the extensions and thus provides a better overview. In addition, it allows for a targeted activation or deactivation of the implementations.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website www.sap-corner.de offers many useful information about SAP basis.
Certain permissions that are not relevant until a job step is run are checked at the time of scheduling for the specified step user.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
In addition, to ensure that you do not lose information with your upgrade work, you can write and release the data from the SU24 transaction on step 3 (customer table transport) in the SU25 transaction to a transport order.