Set Configuration Validation
Important components in the authorization concept
If you use configuration validation, we still recommend that you use the AGS Security Services, such as the EarlyWatch Alerts and SAP Security Optimisation Services, which we describe in Tip 93, "AGS Security Services." SAP keeps the specifications and recommendations in the AGS Security Services up to date and adapts them to new attack methods and security specifications. If you have identified new security issues within a security service, you can set your target systems accordingly and monitor these aspects in the future.
Have you ever tried to manually track who among the users in your SAP system has critical authorizations? Depending on your level of knowledge and experience, this work can take a lot of time. If audits have also been announced, the pressure is particularly high. After all, it is difficult to fulfill all requirements regarding SAP authorizations manually.
Grant spool jobs
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
A universally applicable template for a reliable and functioning authorization concept does not exist due to the individuality and the different processes within each company. Therefore, the structures of the company and the relevant processes must be analyzed in detail during the creation process. Some core elements of the authorization concept to be created can be defined in advance. These include the overarching goal, the legal framework, a naming convention, clarification of responsibilities and process flows for both user and authorization management, and the addition of special authorizations. Only with clearly defined responsibilities can the effectiveness of a concept be guaranteed.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
If no verification takes place in the invoked programme, it must be installed in the calling programme by adding additional features for the eligibility check.
In the evaluation of the Permission trace, an additional column named Server Name appears, showing you the name of the application server on which the respective permission checks were logged.