The SAP authorization concept
Permissions checks
Changes in customizing and various security-relevant changes, such as the maintenance of RFC interfaces, can be viewed via table change logs. This authorization should only be given to an emergency user.
Cybersecurity is a broad field. Starting with the technical infrastructure of companies and extending to the business processes in SAP systems. Such projects must be well planned and prepared. We have already seen some negative examples of companies that wanted too much at once and then "got it wrong." When it comes to securing business processes in particular, it is important to ensure that the employees affected are picked up and involved. Therefore, use a risk analysis to select the topics and processes that should be at the top of the list when securing.
User administration (transaction SU01)
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here.
When your selection is complete, just exit the image with the green button. You will now arrive at the Details Selector screen, where you can select the selection fields and the output fields (the List Field Selector and Selection Fields tabs) of your table combination. We select the authorization objects and values as selection and the role name, and the user as output fields. Done! Now the query can be started with the Run button. In the background, the system creates a programme that builds the join. As a result, a selection screen appears. Enter"S_TCODE"as object and"SCC4"as field value (we only have one field for this object). When you click Run, all users and the triggers are output to you.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
You use Central User Management and wonder why you still need to evaluate the licence data individually in the attached systems.
When you call step 2c, you will get a list of all the roles with the information about whether the respective role is already mixed (green light) or still needs to be mixed (red light).