Schedule PFUD transaction on a regular basis
Conclusion and outlook
Remove improperly defined SAP Orgebene ($CLASS): This function deletes the $CLASS organisational level that was incorrectly delivered with the GRCPlug-in (Governance, Risk and Compliance). Use the test mode of the report to look at possible corrections in advance.
Insert SAP Note 1171185 into your ZBV system. With this notice, the report RSUSR_SYSINFO_LICENSE is delivered, which retrieves and displays the user types from the systems connected to the ZBV. In addition, however, SAP Note 1307693, which contains new functionalities of licence measurement, must be installed on the subsidiary systems connected to the ZBV. In addition, you may need to extend the permissions of the users in the RFC connections to the ZBV's subsidiary systems by the permissions to the S_RFC object with the SUNI and SLIM_REMOTE_USERTYPES function groups. If the SAPHinkling 1307693 is not installed on a subsidiary system, or the RFC user's permissions have not been adjusted accordingly, the RSUSR_SYSINFO_LICENSE report in the application log (transaction SLG1) will issue a warning.
Authorization objects
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data. This data can be displayed using transaction ST03N, for example. Access authorizations to the two types of data mentioned above should be assigned only very restrictively.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
This is determined by the function block and not by the developer.
In the SOS, a recommendation is made for each check to minimise the identified risk.