Reset passwords using self service
PRGN_COMPRESS_TIMES
The user administration process, i.e. user creation, modification and deactivation, should on the one hand be available in written documented form, either as a separate document or as part of the authorization concept documented in writing, and on the other hand also be carried out in accordance with the documentation. Therefore, a reconciliation should be performed on two levels: on the one hand, it should be ensured that the documentation is up to date and, on the other hand, it should be checked whether the process was also followed in the fiscal year to be audited. Possible deviations should already be prepared argumentatively, special cases can always occur that deviate from the actual process. However, these should be documented in a comprehensible manner so that an external auditor, such as the auditor's IT auditor, can check the plausibility. All documentation should be provided with the essential information (creator, date, version, etc.) and be in a format that cannot be changed (usually PDF). Additional documentation can also be output from the ticket system, provided that the process is consistently documented via the ticket system.
A red symbol will not be used in the eligibility tests in the EEA, as the rating has to be carried out individually for each enterprise. There are also different requirements within the system landscape, e.g. on production or development systems. The EWA is deliberately not customisable, as it is designed to alert customers to SAP-rated settings.
Detect critical base permissions that should not be in application roles
For the configuration, you must first enable encryption and, if necessary, signing in the SAPConnect administration. To do this, go to Settings > Outgoing Messages > Settings on the Signing & Encryption tab of the SCOT transaction. Note that the activation only enables the encryption or signature of emails; whether this is actually done always controls the sending application.
To use the trace data from the USOB_AUTHVALTRC table, first go to the change mode and then either click the SAP Data button or select Object > Add Objects from Trace > Local. The found authorization objects are imported from the table, but are not yet marked with any suggestion values. To maintain the suggestion values, click the Trace button. In the window that opens, select one of the new authorization objects and then select Trace > Permissions Trace > Local. The checked permission values will now be displayed. To apply these values, select Y Yes in the Suggest Status combo box and select the values you wish to display in the right pane of the window. Then click Apply. After confirming your entries, you confirm the Permissions field maintenance in the Permissions proposal maintenance by clicking on the green checkmark, so that the status of the Permissions object is green (maintained). Also continue with other authorization objects.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
You can use up to three hierarchies for entitlement award for cost centres and profit centres.
As part of the comparison, you can define rules that determine whether the configuration is rule-compliant or not.