SAP S/4 HANA®
Best Practice SAP Basis Administration: Batch Control
In addition to internal security requirements, national and international guidelines sometimes require all audit and security-related user actions to be recorded. With the Security Audit Log (SAL) you have the possibility to log all changes, e.g. for users, user master records, but also roles and groups.
The analysis shows you in the form of a traffic light output (red-yellow-green) whether the respective settings are configured correctly. In addition, you can also view the detailed values of the respective settings.
Clear authorization concept
For more information about the lowest support package level for SAP ABA and SAP Basis to install an SAP Basis plug-in, see basis-plug-in → SAP Plug-In → SAP Basis Plug-In → Releases on the SAP Service Marketplace. For more information about the lowest support package level for the corresponding SAP R/3 Plug-In, see basis-plug- in → SAP Plug-In → SAP R/3 Plug-In → SAP R/3 Plug-In Releases on the SAP Service Marketplace. This level depends on the release of SAP R/3 or SAP R/3 Enterprise.
Cross-client tables can be modified. The control system of another, productive client can thus be undermined and undermined. Quite a lot of power! Did you also know that the SAP system provides a feature that deletes table change protocols (DBTA BLOG table) and that it is effective across all clients? If the table change logs have not been additionally archived via the BC_DBLOGS archiving object, traceability is no longer available. That way, every criminal act within your company can be beautifully covered up. Similarly, full access to batch management allows you to manage all background jobs in all clients with the permission. This allows you to delete old background jobs that have gone unauthorised. There are also some points to consider when managing print jobs. Typically, the following two SAP access permissions are enabled to protect print jobs: S_SPO_DEV (spooler device permissions) S_SPO_ACT (spooler actions). Why? Confidential information in print jobs is not protected against unauthorised disclosure. (Strictly) sensitive print jobs can be read unauthorised or redirected to external printers and printed out. Print jobs are unprotected unless additional SAP access permissions are enabled to protect print output. The print jobs are multi-tenant, which means that the authorisation award should also be well thought through at the point.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
These systems are an essential part of the internal control system.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Now select the applications / tabs to which the group should be accessed (with CTRL you can select several) and select the Grant button.