Compensating measures for segregation of duties conflicts
In general, we recommend you to use strong encryption mechanisms and to switch most users to an SSO login. You should then delete the hash values of the user passwords as described above. For release-dependent information on SNC client encryption, see SAP Note 1643878.
Another special feature of the role menu is the maintenance of object-based navigation. If a call to a transaction has been executed through a button in a Web Dynpro application, you must make the Object-based Navigation settings for the transaction to call. To do this, select the appropriate item in the (F4) Help. You may need to ask the developer of the application for navigation information.
Excursus Special feature for authorizations for FIORI Apps under S/4HANA
Then run step 2c. Here too, there are new features. You will be shown a selection of the roles to match again. However, you have the possibility to perform a simulation of the mixing process via the button Mix. This allows you to see which permissions would be changed in the roles without actually doing so. For more information, see Tip 44, "Compare Role Upgrade Permissions".
The security of an SAP system is not only dependent on securing the production system. The development systems should also be considered, since here it is possible to influence the productive system via changes to be transported in the development environment and in customizing or via inadequately configured interfaces. Depending on the conceptual granularity of responsibilities in the development and customizing environment, more detailed authorization checks may need to be performed.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The general authorizations are quite normal authorization objects in SAP HCM, which regulates the access to PA/PD infotypes (tables PAnnnn / HRPnnnn), clusters for the own person or for other persons.
In addition, the auditor examines whether the four important concepts of SAP Security, namely the data ownership concept, the proprietary development concept, the authorization concept and the emergency user concept, meet the requirements.