Customise SAP_ALL Profile Contents
AUTHORIZATIONS FOR BATCH PROCESSING IN THE SAP NETWEAVER AND S/4HANA ENVIRONMENT
Repair defective field list in SU24 suggestion values: This function verifies that all the authorization objects used in the permission proposals are consistent, that is, fit to the authorization object definitions from transaction SU21. If there are no permission fields or if there are too many entries, these data will be corrected in the proposal values.
In such a case the last error is displayed in SU53 or the display is empty. Then you can't avoid analyzing the error message of the transaction. One more tip in the end: Instruct the user to take the screen shot with , this will put the whole active window on the clipboard and you can see which transaction, system and context of the transaction it is. Smaller "SnagIt "s are mostly useless and lead to unnecessary queries.
General considerations
It must be clarified in advance what constitutes a recognized "emergency" in the first place and which scenarios do not yet justify activating the highly privileged user. In addition, it may only be approved and activated after a justified request and only under the dual control principle. After use, it must be administratively blocked again immediately.
The chapter on authorization recertification should also be defined in the authorization concept, which is documented in writing. This refers to a regular review of the assigned authorizations in the SAP® system, to be performed at least once a year. In the course of this process, the responsible departments should review the assignment of the respective roles to users in their area and critically scrutinize it once again. This process ultimately ensures that users only have the authorizations in the SAP® system that they actually need. It must therefore be defined in which time period and in which form the departments must receive the information about the assigned authorizations and report back regarding the correctness of the assignment. During preparation, it is therefore necessary to check whether the process has been carried out in accordance with the internal specifications, but also in accordance with possible suggestions for optimization made by the auditor, and whether all the evidence is stored ready to hand for the auditor.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
Before you can start upgrading the suggestion values and roles, you need to consider a few things.
You must also set the PASSWORDX import parameter to display a password change.