Limit character set for user ID
SAP S/4HANA® migration audit
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.
As with an SAP_NEW role, it is possible to generate an SAP_APP role. As with the SAP_APP profile, all permissions are included here, except the base permissions and the HCM permissions. The ability to create this role with the report REGENERATE_SAP_APP exists after inserting the SAP note 1703299. This report generates a role that is fully usable for all applications. However, we recommend using this role only for development and test systems.
Trace after missing permissions
Until now, there were no ways to define different password rules or password change requirements for these users. Today, this is possible with the security guidelines that you assign to users and clients. In the following we will show you how to define security policies and how they work.
Which authorization data does a role have (PFCG)? Again, start the transaction PFCG and display a role. Then branch to the tab Authorizations and click on the button with the "glasses" (bottom left): Display authorization data.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
You can access the ABAP Test Cockpit from the context menu of the object to be checked via Verify > ABAP Test Cockpit.
You must follow the XMI interface documentation to configure it.