Analyze user buffer SU56
The role concept provides that each user can only process the tasks to which he is authorized. It is developed across departments and must protect sensitive data from unauthorized access. A clear role concept enables a modular structure of authorizations without having to create separate roles for each user.
If your users are allowed to share their own background jobs, you need the JOBACTION = RELE permission to the S_BTCH_JOB object. In this case, you can start all jobs at the desired time. In many cases, background jobs are used for the professional or technical operation of applications; Therefore, we recommend that you schedule these background jobs under a System-Type technical user (see also Tip 6, "Note the impact of user types on password rules"). The advantage of this is that the permissions can be controlled more accurately and you do not run the risk of a job being lost if the user under whom it was scheduled to leave your company once. You can realise the association with a system user by giving the user who plans the job permission for the S_BTCH_NAM object. In the BTCUNAME field, the name of the step user, i.e. the user under whom the job should run, such as MUSTERMANN, is entered.
Use AGS Security Services
Careful preparation is a prerequisite for a successful authorisation check. A functional specification must be created for all customer-specific functionalities. This forces us to think about what the actual requirements of the application are and then describe the possible implementation. In doing so, security-related aspects, such as eligibility testing and allocation, must be taken into account. Define what you can do with this programme and also what you cannot do explicitly! In the case of a permission check, not only the activity to be performed, such as reading, changing, creating, etc. , can be checked. You can also restrict access to records by using specific criteria, such as field content or organisational separators.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Security notes correct vulnerabilities in SAP standard software that can be exploited internally or externally. Use the System Recommendations application to keep your systems up to date. SAP software is subject to high quality assurance standards - however, security vulnerabilities may occur in the code. These vulnerabilities can, in the worst case scenario, open the door to external and internal intruders. It is not difficult to find guidance on exploiting these vulnerabilities in relevant internet forums. A permission concept is only as good as the code that performs the permission checks. If no permission check occurs in your code, the permission concept cannot restrict access. For these reasons, SAP has introduced Security Patch Day (every other Tuesday of the month), which will allow you to better plan for implementing the security advisories. In addition, you can use the System Recommendations application in the SAP Solution Manager to get a detailed, cross-system overview of the security advice you need. The system status and the SAP hints already implemented are taken into account. With this support, ensure that your system landscape is at the current security level.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
There are many advantages to using an authorization tool for companies.
However, not only the explicitly mentioned transactions are evaluated, but also equivalent parameter or variant transactions.