System Security
Custom Permissions
Permissions are often not restricted because there is often no information about how the object should be shaped. The identification of the required functional components is often considered to be too burdensome and the risks from a lack of limitation are considered to be too low.
With the introduction of security policy, it is now possible to define your own security policy for System or Service users. This way you can ensure that backward-compatible passwords are still used for these users. This eliminates the reason that password rules were not valid for System/Service type users; Therefore, the rules for the content of passwords now apply to users of these types. Password change rules are still not valid for System or Service type users. If you are using security policy in your system, you can use the RSUSR_SECPOL_USAGE report to get an overview of how security policy is assigned to users. This report can be found in the User Information System (transaction SUIM). In addition, the user information system reports have added selected security policies to the user selection. This change was provided through a support package; For details, see SAP Note 1611173.
SAP license optimization
It is important that after the AUTHORITY-CHECK OBJECT command is called, the return code in SY-SUBRC is checked. This must be set to 0; only then a jump is allowed.
This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
If you click on the button "Evaluation" or the F2 key, you can display the evaluation.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
We select the authorization objects and values as selection and the role name, and the user as output fields.