Unclear objectives and lack of definition of own security standards
What to do when the auditor comes - Part 1: Processes and documentation
Since 2001, SAP has been working with the German-speaking SAP user group (DSAG e. V.) Model rolls for tax inspectors developed and revised over the years. The role definition reflects an interpretation of the DSAG of the concept of tax-relevant data.
The requirements for the architecture of authorization concepts are as individual as the requirements of each company. Therefore, there is no perfect template. Nevertheless, there are topics that should be considered in an authorization concept.
Assign SAP_NEW to Test
You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
For each area, the connection to other modules is the first priority. For example, for the Controlling division, the connection to the Finance division is first established by connecting the accounting area (FI) to the cost accounting area(s). The assignment of the cost accounting area to the result area is then an internal allocation within the controlling. If no allocations are found for certain valid organisational values, one of the two modules or the relevant functional area shall not be used for the organisational units of the enterprise.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Unlike the EWA, the SOS is able to list users that require extensive permissions.
S_BTCH_NAM allows you to schedule programmes under a different user ID.