Analyse and evaluate permissions using SAP Query
Archive change document management for user and permission management
As part of the implementation of a security patch process, you will have to evaluate many security advisories, depending on your release and support package status. In this case, you can use the RSECNOTE report or the EarlyWatch Alerts to evaluate which security information has been identified as particularly critical by SAP Active Global Support. Since March 2013, the RSECNOTE report has only been very restricted and therefore contains only a few new safety recommendations. Nevertheless, it provides good guidance for the initial resolution of security gaps.
If the security advice change affects normal programme flow, you should schedule application tests. If only exceptional treatments are adjusted, you can omit or severely limit the test.
First, create an overview of the customising tables currently available in your system. To do this, open the DD02L table and search for tables that start with Y, Z or your specific customer name space. Tables with delivery class C (such as customising, found in column A) are the relevant tables in this context. The descriptive texts to the tables can be found in the table DD02T.
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
However, it is not sufficient to focus only on the improvement potentials that have been presented, because it must be ensured that all those points that have not been criticized in the past will continue to fit.
Keep an overview here to identify dependencies and control access permissions in an organisation-specific way.