View system modifiability settings
Unclear objectives and lack of definition of own security standards
The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.
Typically, this includes permissions that can be used to delete change records in the system or electronically erase them. The traceability of changes is also important in the development system, which is why the authorizations listed below should only be assigned very restrictively or only to emergency users.
Optimise trace analysis
S_PROJECT authorization object: The S_PROJECT authorization object enables you to work with customising projects. You can modify, view or delete projects, maintain status information, project documentation, and perform project evaluations.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
If you want to export the movement data of the productive system to a development system, you should first export user master records and the permission proposal values and archive the complete change documents. After importing, you can then delete the imported change documents, in analogy to the client copy, and then reload and index the original change documents of the development system. The activities described here require administrative permissions for the change documents (S_SCD0 and S_ARCHIVE) and, if applicable, for the table logs (S_TABU_DIS or S_TABU_NAM and S_ARCHIVE). These permissions should be considered critical, and you should assign them to a small circle.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can use the roles as a template for your own roles and adapt them to your requirements.
You can now create different authorization objects for the key numbers and characteristics, or you can group the relevant fields into a authorization object.