Authorization concept - user administration process
In addition, you can also define customised permission checks in the SOS and also define combinations of authorization objects and their values. You can create up to 1,000 custom permissions checks in the Check ID namespace 9000 to 9999. You can also redefine whitelists for these permission checks, which apply to either individual or all of the customer's permission checks. The configuration is described in SAP Note 837490.
Configuration validation gives you an overview of the homogeneity of your system landscape. Typical criteria are operating system versions, kernel patch levels, and the status of specific transport jobs or security settings. The following security settings can be monitored using configuration validation: Gateway settings, profile parameters, security notes, permissions. As part of the comparison, you can define rules that determine whether the configuration is rule-compliant or not. If the configuration meets the defined values in the rule, it will be assigned Conform status. You can then evaluate this status through reporting.
What to do when the auditor comes - Part 2: Authorizations and parameters
First of all, represent your organisation. Map the business processes (if necessary only at the generic level of applications such as MM or CO) across the organisation. On this basis, determine which organisational characteristics (organisational levels, but also cost centres, organisational units, etc.) represent which parts of the organisation. Define (if necessary, only in detail in accounting, otherwise at the level of applications) which functions must necessarily remain separate. If you have a running system, evaluate the use of the last 13 months (see Tip 26, "Use usage data for role definition"). Set up a new system and make sure that processes are always documented to the level of transactions. In such a case, it is also best to collect the business risks directly in the process description.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
As part of the implementation of a security patch process, you will have to evaluate many security advisories, depending on your release and support package status. In this case, you can use the RSECNOTE report or the EarlyWatch Alerts to evaluate which security information has been identified as particularly critical by SAP Active Global Support. Since March 2013, the RSECNOTE report has only been very restricted and therefore contains only a few new safety recommendations. Nevertheless, it provides good guidance for the initial resolution of security gaps.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
When your selection is complete, just exit the image with the green button.
With the Change Preview selection, you can see which suggestion values would be changed for your selection in the transaction SU24.