Use SAP_NEW correctly
AUTHORIZATIONS IN SAP SYSTEMS
In addition to SAP standard software, do you also use custom ABAP programmes? Learn how the SAP Code Vulnerability Analyser can scan your customer code for potential security vulnerabilities and resolve them if necessary. Permission concepts, firewalls, anti-virus and encryption programmes alone are not enough to protect your IT infrastructure and IT systems against internal and external attacks and misuse. Some of the risks are identified by potential security vulnerabilities in the ABAP code, most of which cannot be addressed by downstream measures and therefore need to be addressed in the code itself. It should also be noted that the permission concepts used can be circumvented by ABAP code, which underlines the weight of security vulnerabilities in the ABAP code. While SAP is responsible for providing security information to help close security vulnerabilities in standard code, it is up to you to address security vulnerabilities in custom ABAP programmes. Companies are subject to a whole range of legal requirements on data protection and data integrity, and you can fulfil them as far as possible with the help of a new tool. The SAP Code Vulnerability Analyser is integrated into the ABAP Test Cockpit (ATC) and thus available in all ABAP editors such as SE80, SE38, SE24, etc. Developers can use it to scan their code for vulnerabilities during programming and before releasing their tasks. This reduces testing costs and costs.
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
Handle the default users and their initial passwords
Configuration validation gives you an overview of the homogeneity of your system landscape. Typical criteria are operating system versions, kernel patch levels, and the status of specific transport jobs or security settings. The following security settings can be monitored using configuration validation: Gateway settings, profile parameters, security notes, permissions. As part of the comparison, you can define rules that determine whether the configuration is rule-compliant or not. If the configuration meets the defined values in the rule, it will be assigned Conform status. You can then evaluate this status through reporting.
In this case, please note that you may need to replace the SS table permission group with other table permission groups. This is required if you have entered a different table permission group when maintaining the table permission groups, for example, for the T000 table.
Authorizations can also be assigned via "Shortcut for SAP systems".
This is not possible for SAP NetWeaver and SAP ERP HCM authorization objects, i.e. it does not apply to S_TCODE checking.
In general, however, you will need to translate a large number of role texts in these scenarios; Therefore, in the second section we will explain how you can automate the translation using the LSMW (Legacy System Migration Workbench) transaction and will discuss how to set up a custom ABAP programme.