The SAP authorization concept
Set Configuration Validation
Do you want to automatically monitor the security settings of your systems and receive convenient evaluations? We will explain how to use configuration validation. If you have a large SAP system landscape in use, the control of the many different security settings can be complex. You define your security requirements for the entire SAP system landscape; they concern, for example, the settings of the profile parameters, the handling of safety instructions or critical permissions that may only be assigned to emergency users. You can define these requirements in the SAP Solution Manager Configuration Validation application and evaluate compliance with these requirements in all systems.
We would like to point out that after defining and implementing a authorization object, you should no longer change the permission field list, as this will cause inconsistencies. Once you have determined that you want to add more fields to your check, assign your authorization object to the AAAA object class and create a new authorization object.
Centrally view user favourites
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements. This BAdI is called whenever an encrypted e-mail is sent. An extension allows you to search for a valid certificate at run time (for example, the one with the longest validity) to the recipient's email address in a source you defined. In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book. For details on the availability of BAdIs, see SAP Note 1835509.
You can customise the AIS cockpit to your needs. To do this, use the customising that you will also find in the transaction SAIS under the button Administration of the audit environment. Select Configure Audit Cockpit and you can define a default audit structure, the maximum line length for log entries, and the number of log entries per audit step.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
In the PFCG role that describes the desktop, you can now delete the GENERIC_OP_LINKS folder.
The selection is made in the start image of the report, e.g. via the table name or the selection of options for logging.