Default permissions already included
Use the authorisation route to identify proposed values for customer developments
S_PROJECT authorization object: The S_PROJECT authorization object enables you to work with customising projects. You can modify, view or delete projects, maintain status information, project documentation, and perform project evaluations.
If you use configuration validation, we still recommend that you use the AGS Security Services, such as the EarlyWatch Alerts and SAP Security Optimisation Services, which we describe in Tip 93, "AGS Security Services." SAP keeps the specifications and recommendations in the AGS Security Services up to date and adapts them to new attack methods and security specifications. If you have identified new security issues within a security service, you can set your target systems accordingly and monitor these aspects in the future.
Identify Executable Transaction Codes
In the course of a comprehensive protection of your system from the inside as well as from the outside it is indispensable to have a closer look especially at the SAP standard users. They have far-reaching authorizations that can cause great damage to your system if misused. It should be noted that they are very important for the operational execution of your SAP system and must not be deleted. However, since the associated standard passwords can be quickly researched, they must be changed immediately after delivery of the SAP ERP. You can perform a detailed check of these users using report RSUSRS003. It is also recommended to set certain default users inactive until they are actually used.
In addition, you must note that you may not execute this report on systems that are used as a user source for a Java system. This is due to the fact that a login to the Java system will only update the date of the last login to the ABAP system if a password-based login has taken place. Other Java system login modes do not update the date of the last ABAP system login.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
No matter what the reason, it is quickly said that a new authorization concept is needed.
Note that this can be a very large number of transactions and can therefore take longer.