SAP Authorizations System Users

In the PRGN_CUST table, set the customising switch REF_USER_CHECK to E. This prevents user types other than reference users from being assigned as reference users. The switch only affects new assignments; you should manually clean up any existing assignments of other user types.

The table must be downloaded monthly. You can also make the download easier; Frank Buchholz presents programs that you can use in his blog (see http://wiki.scn.sap.com/wiki/display/Snippets/Show+RFC+Workload+Statistic+to+build+authorizations+for+authorization+object+S_RFC). Optionally, the next step is to identify the function groups for the function modules. You can find them in the AREA field of the ENLFDIR table. However, we recommend granting authorizations at the function module level, because function groups often contain a large number of function modules, so granting at group level expands accessibility unnecessarily.
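The following added example (not code from the original page or from the linked blog) shows why the module-level grant is narrower: it takes the function modules each RFC user actually called and lists what a function-group grant would additionally expose. The CSV layouts, the user names and all Z* function modules and groups are constructed for illustration; only the ENLFDIR fields FUNCNAME and AREA and the S_RFC object come from SAP.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: monthly RFC workload export (calling user, called function module).
RFC_STATS_CSV = """user,funcname
RFC_BILLING,Z_INVOICE_READ
RFC_BILLING,Z_INVOICE_READ
RFC_BILLING,Z_INVOICE_POST
RFC_MONITOR,Z_HEALTH_PING
RFC_MONITOR,Z_LEGACY_CALL
"""

# Constructed sample of ENLFDIR rows: function module -> function group (AREA).
ENLFDIR_CSV = """FUNCNAME,AREA
Z_INVOICE_READ,ZBILLING
Z_INVOICE_POST,ZBILLING
Z_INVOICE_DELETE,ZBILLING
Z_INVOICE_MASS_CHANGE,ZBILLING
Z_HEALTH_PING,ZMONITOR
"""

def load_calls(text):
    """Return {user: set of function modules called in the period}."""
    calls = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        calls[row["user"].strip()].add(row["funcname"].strip().upper())
    return calls

def load_enlfdir(text):
    """Return (module -> group, group -> set of all modules in that group)."""
    area_of, members = {}, defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        fm, area = row["FUNCNAME"].strip().upper(), row["AREA"].strip().upper()
        area_of[fm] = area
        members[area].add(fm)
    return area_of, members

def propose_s_rfc(calls, area_of, members):
    """Per user: S_RFC names for RFC_TYPE FUNC and FUGR, plus the over-exposure of FUGR."""
    proposal = {}
    for user, used in calls.items():
        groups = {area_of[fm] for fm in used if fm in area_of}
        reachable = {fm for g in groups for fm in members[g]}
        proposal[user] = {
            "FUNC": sorted(used),                       # grant only what was called
            "FUGR": sorted(groups),                     # coarser alternative
            "extra_if_FUGR": sorted(reachable - used),  # never called, yet reachable
            "unmapped": sorted(fm for fm in used if fm not in area_of),
        }
    return proposal

def demo():
    return propose_s_rfc(load_calls(RFC_STATS_CSV), *load_enlfdir(ENLFDIR_CSV))
```

Modules listed under `unmapped` were called but have no ENLFDIR row in the extract, so they need a manual check before any role is built from the result.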
Unclear objectives and lack of definition of own security standards
Have you ever tried to manually track who among the users in your SAP system has critical authorizations? Depending on your level of knowledge and experience, this work can take a lot of time. If audits have also been announced, the pressure is particularly high. After all, it is difficult to fulfill all requirements regarding SAP authorizations manually.

Because certain types of authorizations, such as analysis authorizations for SAP BW or structural authorizations in SAP ERP HCM, are not based on SAP authorization profiles, they are not displayed or refreshed in the authorization buffer. To analyse authorization issues of this kind, you must therefore use the appropriate tools, such as the HRAUTH transaction for SAP ERP HCM or the RSECADMIN transaction for SAP BW. The same applies to the Organisation Management buffer if you use indirect role assignment. Run the RHWFINDEXRESET report to reset the Organisation Management buffer. A prerequisite for an up-to-date user buffer is a correct user comparison (green instead of yellow status indicator on the Users tab).

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.



When you create users in the SU01 transaction, do you want to automatically pre-populate certain fields from a data source? Use a new BAdI for which we present an implementation example.



If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator.