Default permissions already included
Mitigating GRC risks for SAP systems
GET_EMAIL_ADDRESS: The example implementation of this method reads the email address from the system's user master record. Adjust the method if you want to read the email address from another source.
Existing log files are managed using the SM18 transaction. Here you can delete the log files in all active instances. To do so, you must specify a minimum age in days for the files to be deleted. The smallest possible value is three days; the current day is not counted in the calculation.
Advantages of authorization tools
Locking and validity of the user account are set by the user administrator and also apply to other authentication procedures. This means that a login via SSO is not possible for an invalid user or a user with an administrator lock. We therefore always recommend that you prevent access to the system by setting the validity of users. Setting validity on assigned roles also prevents the user from performing actions in the system, but does not generally prevent them from logging in.
By default, the transactions from the role menu can be found here as derived authorization values. Using the value help (F4), the functions available for these fields can be called up in some cases.
If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program.
The checked permission values will now be displayed.