Dissatisfaction and unclear needs in the process
Set Configuration Validation
Every action of the emergency user must be traceable, which requires the appropriate configuration of logging components such as the Security Audit Log. After the event, all log files are always evaluated and all details are recorded in documentation. It is also possible to specify in the concept that, in the event of an emergency, extended authorization may be granted to other selected users; this is up to the company to decide.
The daily business of an authorization administrator includes the checks and analyses of critical authorizations and combinations in the system. The focus is on users and roles in the respective clients and system rails. The SAP standard report RSUSR008_009_NEW is suitable for this purpose. You must first create corresponding check variants and authorization values for critical authorizations or combinations either using the program itself or transaction SU_VCUSRVARCOM_CHAN. These then correspond to your internal and external security guidelines. You can then run the report with your respective check scope and the corresponding critical authorization or combination variant and check in which roles or users such violations exist. This serves to protect your entire IT system landscape and should be carried out periodically.
System trace function ST01
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Here, it should be ensured that the parameters are also set up in accordance with the company's specifications.
The chapter on role concept explains how business requirements are transferred to a technical role.