Checking at Program Level with AUTHORITY-CHECK
User and authorization management
There is no universally applicable template for a reliable, functioning authorization concept, because every company has its own structures and processes. These structures and the relevant processes must therefore be analyzed in detail while the concept is being created. Some core elements of the authorization concept can be defined in advance. These include the overarching goal, the legal framework, a naming convention, clarification of responsibilities and process flows for both user and authorization management, and the addition of special authorizations. The effectiveness of a concept can only be guaranteed if responsibilities are clearly defined.
However, a full SAP security audit does not end here. In addition, the auditor examines whether the four important concepts of SAP Security, namely the data ownership concept, the proprietary development concept, the authorization concept and the emergency user concept, meet the requirements. Each of them should represent a fully formulated document that, on the one hand, contains all the target specifications for the respective topic and, on the other hand, is consistent with the actual state found during the audit.
Take advantage of role transport feature improvements
The direct consequences are overauthorized users, a lack of overview and dangerous security gaps. In order to get the system back on track in the long term, a redesign is usually the most efficient solution. Depending on the requirements and project framework, we also rely on proven software solutions from our partners.
When assigning a new user group to a user, only the creation permission in the new user group is required. Alternatively, you can enable the check for activity 50 (Move) of the S_USER_GRP authorization object. To do so, set CHECK_MOVE_4_CNG_GRP to YES in the USR_CUST table.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Every company knows the situation: each year the auditor arrives to perform the annual audit and to certify the balance sheet at the end of the audit.
We show you how to bring order to external services.