Perform Risk Analysis with the Critical Permissions Report
Change documents
You can influence the default behaviour of various transactions and parameters with the customising switches for the maintenance of Session Manager and Profile Generator as well as the user and permission management. The SSM_CID table gives you an overview of all customising switches supplied by SAP, specifying the relevant tables SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. The short description of the customising switch refers to the relevant and current SAP references. The actual settings can be found in the SSM_CUST, PRGN_CUST and USR_CUST tables.
In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).
AUTHORIZATIONS FOR BATCH PROCESSING IN THE SAP NETWEAVER AND S/4HANA ENVIRONMENT
In our eCATT test configuration, the prepared file can now be used to play the recording. Note that playback stops when we encounter an error in the PFCG transaction, such as when we try to create a role with the input values that already exist. To play, specify the file under External Variants in Test Configuration and click Run (F8). You will be given the opportunity to set some playback properties. Now, with Run, it starts. You will see some messages from the PFCG version at the bottom of the status bar and will end up with a summary of success (or failure if there were errors). We admit that eCATT is more complex to use than the transaction SU10. However, if you have used eCATT a few times, it is quite quick. Please always note that the basic mechanism is to play a recording and therefore other organisational levels (e.g. a third organisational level, which is in the dialogue before the work and the sales point) also require a different recording and editing.
You can customise the AIS cockpit to your needs. To do this, use the customising that you will also find in the transaction SAIS under the button Administration of the audit environment. Select Configure Audit Cockpit and you can define a default audit structure, the maximum line length for log entries, and the number of log entries per audit step.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
This role is now available for you to assign to users.
On the one hand, this protects sensitive information and, on the other, prevents damage caused by incorrect use of data.