Goal of an authorization concept
User and authorization management
The Security Optimisation Service for ABAP contains more security checks than the corresponding section in the EWA. In particular, the number of eligibility checks is higher. A total of 110 eligibility tests are currently defined in the SOS, including 16 critical eligibility tests for HR. The full list of all security checks in the SOS can be found in the SAP Service Marketplace on the page https://service.sap.com/sos via Media Library (Security Optimisation Service > ABAP Checks).
By inserting SAP Note 1723881, you resolve the third of these problems by banning the recording of the same role on different transport orders. To enable this change in system behaviour, you must set the CLIENT_SET_FOR_ROLES customising switch to YES in the PRGN_CUST table. This toggles the setting in the SCC4 transaction for changing and recording custom customising objects ("Client modifiability") for role maintenance.
Efficient SAP rollout through central, tool-supported management
Every SAP system (ERP) must be migrated to SAP S/4HANA® in the next few years. This technical migration should definitely be audited by an internal or external auditor.
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors. In most cases, the different rules according to which the risks of SAP authorizations are assessed are problematic.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
In general, you should note that not all relevant change documents of a system are present in the user and permission management.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
To do this, click the Evaluate Trace button and select System Trace (ST01) > Local.