SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
Reference User
The daily business of an authorization administrator includes the checks and analyses of critical authorizations and combinations in the system. The focus is on users and roles in the respective clients and system rails. The SAP standard report RSUSR008_009_NEW is suitable for this purpose. You must first create corresponding check variants and authorization values for critical authorizations or combinations either using the program itself or transaction SU_VCUSRVARCOM_CHAN. These then correspond to your internal and external security guidelines. You can then run the report with your respective check scope and the corresponding critical authorization or combination variant and check in which roles or users such violations exist. This serves to protect your entire IT system landscape and should be carried out periodically.
Do you want to customise the settings for the Session Manager, Profile Generator and User Care? Use the parameters in the customising tables SSM_CID, SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. Here we show you the settings for the Session Manager, the Profile Generator or the User Care. How do I merge the user menu from different roles or disable it altogether? How can the generated passwords be adapted to your needs? How can you automatically perform user master matching after role assignments via the PFCG transaction? And how can you prevent assignments from being transported from users to roles? We'll show you how to make these settings.
General considerations
The authorisation trace is a client- and user-independent trace. The results of this trace are written in the USOB_AUTHVALTRC table and can also be viewed in the STUSOBTRACE transaction by clicking the Evaluate button. This trace data can be used by developers to maintain the permission proposal values in the transaction SU22 (see also Tip 40, "Using the permission trace to determine suggested values for custom developments").
You want to maintain suggestion values for existing applications, but are you tired of the time-consuming manual maintenance? There's a new way! Maintenance of proposed values can vary greatly depending on company specifications or security guidelines. Depending on the requirements, the suggested values provided by SAP may be sufficient or need to be supplemented.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
For some time now, SNC is freely available without a SSOMechanism (SSO = Single Sign-on) for SAP GUI and the RFC communication of all SAP NetWeaver customers.
Authorizations regulate the access of system users to system data and are therefore a fundamental prerequisite for the use of records and case management.