SAP Authorizations Detect critical base permissions that should not be in application roles - NW Admin

Detect critical base permissions that should not be in application roles
Analyze user buffer SU56
If the system trace has recorded permission data for this authorization object, it appears in the right pane of the window. In the left pane, you can see the existing suggestion values. If suggestion values that you consider necessary, and that the trace has recorded, are missing, you can set them to Yes by selecting the appropriate row, column or field in the right pane and clicking the Apply button. You are free to make any manual adjustments to the field values. Afterwards, confirm the maintenance; your changes are then saved for this authorization object. Do the same for all other authorization objects.

Do your compliance requirements specify that the background jobs in use must be maintained with permission proposals? We'll show you how to do that. Particularly in the banking environment, there are very strict guidelines for the permissions of background jobs used for monthly and quarterly financial statements, etc. Only selected users or dedicated system users may have these permissions. To distinguish these permissions clearly from end-user permissions, it is useful to maintain the permissions for specific background jobs explicitly with suggestion values, so that these values can be reused whenever permissions are maintained and are therefore transparent. You may have noticed that the transaction SU24 gives you no way to maintain background job credentials. So what's the best way to do that?
Set up login locks securely
To read or modify data, a user must have both the privilege of performing a specific action and the privilege of accessing the object. The following privileges are distinguished in SAP HANA.

Scribble Papers is suitable for storing all information on the subject of SAP, and on other subjects, in a knowledge database.


Authorizations are the main controlling instrument for mapping risk management and compliance. They are used to control all processes in the systems. For the most part, separation of functions is implemented exclusively with authorizations. Therefore, not only the one-time setup of authorizations is relevant, but also the continuous monitoring and control of the authorization assignment. Various tools are available on the market for this purpose. A re-certification process that involves the departments and optimizes the revalidation of authorizations is helpful.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

The generated password is returned using the export parameter GENERATED_PASSWORD.

We recommend that you keep the name of the RFC connection for each ERP system in the system landscape and only change the connection data in the RFC connections.