Analyzing the quality of the authorization concept - Part 1
Adjust tax audit read permissions for each fiscal year
Thanks to the new feature provided with the Support Package mentioned in SAP Note 1847663, it is possible to use trace data from the privilege trace in the SU24 transaction for suggestion value maintenance. The system trace that you can call through the ST01 transaction or the STAUTHTRACE transaction (see also Tip 31, "Optimise Trace Evaluation") is a short-term, client-dependent trace that you can restrict to users or applications.
In order to be able to act fully at all times in emergency situations, an SAP emergency user must be available who has all authorizations for the entire SAP system (typically by means of the composite profile SAP_ALL). However, this not only makes him a great help, but also extremely dangerous, so that his use must be precisely regulated via a dedicated concept.
Edit Old Stand
Very often the question then arises, does anything have to be prepared for the audit? As a rule, all of the company's own notes from previous years should be retrieved and combed through for information that was noted at the time during the discussions with the IT auditor. The IT auditor's findings and comments that show potential for improvement in IT-relevant processes or system settings are particularly essential. Furthermore, any reports by the auditor from the previous year should also be taken into account, in which deficiencies identified at that time were pointed out.
Users' favourite lists provide valuable information about the transactions they use. With the knowledge of the favourites, you can therefore avoid gaps in your authorisation concept. In the SAP system, each user has the ability to save frequently used functions as their own favourites. In practice, we have found that this feature is very often used by users. If you create a new permission concept, it is useful to include the favourites in the viewing. Because the favourites don't just store used transactions over and over again, but also transactions that users use only occasionally. These occasional transactions could be quickly forgotten when redesigning a eligibility concept. Therefore, we always recommend that you match the transactions you have considered with the favourites stored in your system.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Save your input.
Once the programme implementation and documentation have been completed, a functional test will always follow.