Use AGS Security Services
Law-critical authorizations
Single Role: Enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user.
Access to personal data in a company is a sensitive issue. It is essential to manage this access securely and to be able to provide information at any time about who has access to the data, when and in what way - and not just for the sake of the auditor. For this reason, the topic of SAP authorizations is a very important one, especially for the HR department.
Query the Data from an HCM Personnel Root Record
The security audit log is evaluated via the SM20 or SM20N transaction or the RSAU_SELECT_EVENTS report. We recommend using the report as you have more options to personalise the evaluation and to include archived logs of different application servers in the evaluation.
Regardless of whether you select the degree of simplification COARS = 1 or 2, you should not enter * or SAPDBPNP (programme name of logical database PNP) in the REPID field. With these values, you allow access to the logical databases SAPDBPNP and SAPDBPAP and thus to all contained root data.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
Of course, this also applies to all Z-tables! As last point of the important parameter settings are those for the definition of the password settings.
Since we do not know the format in which eCATT needs the input values, it is helpful to download it first.