Check the SAP authorization concept
Set up permissions to access specific CO-PA measures
In an SAP® system, authorizations are not the only focus of the auditor. Essential system parameters are also part of the audit. For this reason, it should also be ensured in advance that all parameters are set up in accordance with the company's specifications. The parameters concerned are all those that ensure system and client security. Among other things, it must be ensured that the production system is protected against any kind of changes and therefore no direct development is possible.
SOS reports can be very comprehensive. In particular, if the Whitelists are not yet maintained, reporting volumes of up to 200 pages are not uncommon. Do not be discouraged in such a case, but start by cleaning up a manageable amount of critical SOS results. You can then edit the further results in several rounds. The AGS recommends which critical SOS results you should consider first; You can find these in the AGS Security Services Master slide set in the SAP Service Marketplace Media Library.
SAP S/4HANA® migration audit
Define explicit code-level permission checks whenever you start transactions from ABAP programmes or access critical functions or data. This is the easiest and most effective defence to protect your business applications from misuse, because programming-level permission checks can ensure two things: Incomplete or incorrect validation of the executed transaction start permissions will result in compliance violations. Complex permission checks can also be performed adequately for the parameterized use of CALL TRANSACTION.
In order to make a well-founded statement about the complexity and the associated effort, a fundamental system analysis is required in advance. The results obtained from this form an excellent basis for estimating the project scope and implementation timeframe.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Users with such IDs will write all change documents, but the IDs can still cause confusion if, for example, they are not recognisable as a user ID or if it appears that no user is displayed for the change document.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
So you should always adjust the maximum size of the file to your needs using the parameters rsau/max_diskspace/per_file and rsau/max_diskspace/per_day.