Check for permissions on the old user group when assigning a new user group to a user
Using suggestion values and how to upgrade
When it comes to preparing for the auditor, it should definitely be checked whether all critical authorizations, as well as the important parameters, have been correctly assigned or set up in SAP®. The specifications for this should all be defined in the authorization concept documented in writing and must also be consistent with this. In this context in particular, however, it is not always easy to check all the essential points using the SAP® standard on-board tools. This is where the experienced auditors at IBS Schreiber GmbH can provide support.
S_PROJECT authorization object: The S_PROJECT authorization object enables you to work with customising projects. You can modify, view or delete projects, maintain status information, project documentation, and perform project evaluations.
Object S_BTCH_NAM and S_BTCH_NA1 (use of foreign users in Steps)
Before you start and define critical permissions, you should identify your core business processes or functions and then map the conflicting processes in meaningful combinations as so-called risk. The RSUSR008_009_NEW report cannot replace a GRC system (GRC = Governance, Risk, and Compliance) with the SAP Access Control component. Rather, this report should be understood and used as an indicator of the current system state. The report identifies the users that have the critical permission combinations defined in the USKRIA table. The identifier, which can also be called a risk ID, describes a combination of authorization objects with field names and field values. These are linked to one of the two operatives AND or OR available.
SAPCPIC: SAPCPIC is not a dialogue user, but is used for EDI usage in older releases (EDI = Electronic Data Interchange); in default, SAPCPIC has permissions for RFC access. However, you should not use this user for them, nor for batch processes, but you must create other users for these applications. Safeguard measures: Lock down the user, change the password, assign it to the SUPER user group and log it with the Security Audit Log.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
In our example, these are the BKPF and BSEG structures and the system variables.
The valid programmes or transactions are stored in the SAP TPCPROGS delivery table, but do not follow a uniform naming convention.