CONCLUSION
What to do when the auditor comes - Part 1: Processes and documentation
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
The programmer of a functionality determines where, how or whether authorizations should be checked at all. In the program, the appropriate syntax is used to determine whether the user has sufficient authorization for a particular activity by comparing the field values specified in the program for the authorization object with the values contained in the authorizations of the user master record.
SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
The proposed values in the SU24 transaction are an imperative for the maintenance of PFCG roles, as these values are used when creating PFCG roles. The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page). You may ask yourself in which cases it makes sense to adjust the proposed values, since they have such a large impact on the maintenance of roles.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems. Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter. For details on the technical dependencies between releases, see SAP Note 1458262.
Authorizations can also be assigned via "Shortcut for SAP systems".
Both the validity of the initial password and the maximum value for password login errors are set using profile parameters.
The full list of all security checks in the SOS can be found in the SAP Service Marketplace on the page https://service.sap.com/sos via Media Library (Security Optimisation Service > ABAP Checks).