Mitigating GRC risks for SAP systems
View system modifiability settings
The authorization objects are assigned to the forecast and item-based reports in the same way. When a report is selected, the authorization objects of the item-based reports are checked in addition to the authorization objects for the information system. There is a trick to maintaining the CO-PA-specific authorization objects, because a result area, once selected, remains set for your entire login session. This hinders the maintenance of authorization objects for different result areas. Therefore, simply change the result area in the Customising window using the following path: Controlling > Income and market segment accounting > Structures > Set result area.
Make your IMG projects more secure. We show you how to create customising permissions for individual projects or project views, thereby limiting access. The SAP Implementation Guide (IMG) is a tool that allows you to customise your SAP system to suit your business needs. You can manage access to projects in the IMG via customising permissions and thus restrict the group of users who can work in them. You grant the members of an SAP project team the permissions they need to support the project. Below we show you how to create customising permissions by mapping to the IMG projects.
Advantages of authorization tools
If the change made by the security advice affects the normal program flow, you should schedule application tests. If only exception handling is adjusted, you can omit or severely limit the tests.
Any deviation from the defined process must be fully documented and justified. This is because it is precisely deviations from the standard case that are of great interest to an auditor, as the auditor must determine whether a deviation could have an impact on the correctness of the data.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
To learn how to do this, see Tip 27, "Define S_RFC permissions using usage data." However, such a cleanup of the privileges of your interface users cannot happen overnight.
For more information about generic access to tables, see SAP Note 1434284 and the online documentation for the authorization objects mentioned above.