CONCLUSION
Essential authorizations and parameters in the SAP® environment
The results of the evaluation are marked with a coloured symbol. Classification varies for the different eligibility tests. The EWA does not only contain security-related tests and is therefore divided into different sections (e.g. hardware, performance). The test results in these areas are displayed with a traffic light symbol. If one of the tests within a section is indicated in red, the traffic light for that section shall also be set in red.
You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
SAP S/4HANA® Launch Pack for Authorizations
For an authorization concept, a clear goal must be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective system and the associated authorization concept must take into account. In this way, the legal framework is defined, which is a legal necessity for successful implementation.
After these preparations, we now proceed to the expression of the User-Exit in the validation that has just been created. To do this, you copy the User-Exit definition in the created custom programme, specify a name for the User-Exit definition (e.g. UGALI) and create a new text element.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
This permission does not include user management change permissions and can therefore also be assigned to auditors.
Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.