Automatically pre-document user master data
Implementing the authorization concept in the FIORI interface
If these issues are not taken into account during a conversion, there will be an imbalance between the system and the components to be protected, since the change in the system constellation means that new components, such as those mentioned above, must also be taken into account. Otherwise, a company may suffer economic damage and the resulting damage to its image. Furthermore, neglect of legal requirements (BDSG, DSGVO, GOB, HGB, etc.)1 can lead to legal measures or steps.
New AP implementation, S/4HANA conversion or redesign of an SAP authorization concept - the complexity has increased enormously and requires a clear structure of processes, responsibilities and the associated technical implementation. New technologies such as Fiori and Launchpads are challenges and reasons to rethink authorization structures.
Set up permission to access Web Dynpro applications using S_START
If it is clear that a cleanup is necessary, the first step should be a detailed analysis of the situation and a check of the security situation. Based on these checks, a redesign of the authorizations can be tackled.
When considering the security of SAP transport landscapes, it is not only the production system that is relevant for auditing. The other systems, including the development systems, must also be included in the risk considerations. The SAP_ALL profile is still frequently used there instead of concrete roles. This article identifies the main risk areas.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Note in this context also Tip 73 "Use authorization objects for table editing" and the S_TABU_NAM authorization object presented there.
If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.