Use Central User Management change documents
This representation has been chosen to show the differences in the classification of user types, because, despite the Global setting for the distribution parameter of the licence data (in the transaction SCUM), the settings in the ZBV may differ from those of the subsidiary system. In addition, you can add the columns ID in the report: Contractual User Type and ID: Show the value in central, which contains the technical values for the user type. If users on the daughter systems are not relevant for the licence measurement, the value User is irrelevant for the licence measurement in the column Contractual User Type. This value occurs for the following users: - technical user - user is not present - user is not valid - user is of type reference user.
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
Advantages of authorization tools
This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Due to the complexity of an SAP® authorization concept, it is necessary that all essential aspects are set down in a written documented authorization concept. This should describe the essential processes, but also how to handle the assignment of authorizations via roles. In particular, the nomenclature of specially created roles must be clearly defined. It should therefore be checked whether all changes since the last audit have been documented in the written authorization concept. After all, this document serves the auditor as a template for the so-called target/actual comparison. This means that the auditor compares the document with the actual status in the SAP® system for the main topics relevant to the audit. Any discrepancy can lead to a finding that must be avoided.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The EWA and SOS shall carry out eligibility tests, the results of which shall always be as follows: The heading indicates the check in question.
In such cases, you need to create validation at the appropriate times.