Error analysis for authorizations (part 1)
Maintain batch job suggestion values
Before you can start upgrading the suggestion values and roles, you need to consider a few things. SAP Note 1539556 lists all questions and answers about the administration of proposed values. Already at the start of the transaction SU25 you will be alerted in a pop-up window to the SAP notice 440231 (upgrade preparation for the profile generator). This note provides information on recommended revisions for certain SAP base versions and recommendations for additional guidance, which are listed in the Annexe.
After activation, advanced security checks are available in the usual development environment within the ABAP Test Cockpit. The ABAP Test Cockpit is a graphical framework for developers. Various test tools, such as the Code Inspector or the SAP Code Vulnerability Analyser, can be integrated into this. All available test tools can be initiated from this central location and present their results in a common view. No training is required to intuit the tool.
Include customising tables in the IMG
Once the programme implementation and documentation have been completed, a functional test will always follow. A corresponding eligibility test should not be forgotten. The permission test must include both a positive and a negative permission test.
Once you have identified the organisational features to consider, verify that you can redesign the existing roles so that the organisational features can be clearly maintained by use. This leads you to a concept in which functional and organisational separation is simply possible. However, it will end up with a larger amount of roles: Roles posting/investing, changing roles, reading roles. Such a concept is free of functional separation conflicts and is so granular that the organisational characteristics can be pronounced per use area.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
However, an RFC call does not prompt the user to change the password.
The values that were actually deleted and added can be seen in the columns from Value to Value (see figure next page).