Solution approaches for efficient authorizations
Set Configuration Validation
The evaluation performance of the Security Audit Log was optimised from SAP NetWeaver 7.31. For this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1810913.
To help you better find your own tables in the future, check your development policy to see if the storage is adequately described. If the development guidelines are not complete, you should supplement them. For example content for a development policy, see the DSAG Web site under Guides. Now go to https://www.dsag.de/go/leitfäden and search for "Best Practice Guide Development".
SIVIS as a Service
Configuration validation gives you an overview of the homogeneity of your system landscape. Typical criteria are operating system versions, kernel patch levels, and the status of specific transport jobs or security settings. The following security settings can be monitored using configuration validation: Gateway settings, profile parameters, security notes, permissions. As part of the comparison, you can define rules that determine whether the configuration is rule-compliant or not. If the configuration meets the defined values in the rule, it will be assigned Conform status. You can then evaluate this status through reporting.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
The first step in the cleanup process is therefore to find out whether the current authorization concept is sufficient and a cleanup is the best way forward, or whether a rebuild of the authorization concept is necessary. The focus should be on saving the current authorization concept, since rebuilding it takes more time than cleaning it up.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
The transaction code must be valid (i.e. entered in the TSTC table) and must not be locked by the system administrator (in the SM01 transaction).
By default, this feature is off.