User and authorization management
Understanding SAP HANA Permissions Tests
The assignment of the SAP_ALL profile is not required for the operation of an SAP system; therefore, a yellow icon will appear for the first check once a user has assigned the profile. For the other six checks on critical base permissions, the yellow icon will be displayed when a client is found on the system and at least one of the following two conditions applies: More than 75 users have the permission checked in this check. More than 10% of all users have the permission checked in this check, but at least 11 users.
The SAP Solution Manager is the central platform for all technically supported services, because information about the connected systems is available when you schedule data collections for these systems via background jobs. The documentation for the safe operation of SAP systems is compiled in the SAP End-to-End Solution Operations Standard for Security (Secure Operations Standard). It provides an overview of security aspects of SAP operations and is designed to guide you through the available information and recommendations and to refer you to relevant content.
User Interface Client Permissions
You should then enable the latest version of the hash algorithms by setting the login/password_downwards_compatibility profile parameter to 0. This is required because SAP systems maintain backward compatibility by default. This means that, depending on your base release, either the new hash algorithms will not be used when storing passwords, or additional outdated hash values of passwords will be stored. You should then check to see if there are any old hash values for passwords in your system and delete them if necessary. Use the report CLEANUP_PASSWORD_HASH_VALUES.
In practice, the main problem is the definition of content: The BMF letter remains very vague here with the wording "tax relevant data". In addition, there is the challenge of limiting access to the audited financial years.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
You will then add node outline to this tree.
With F_FICO_IND you can define which individual conditions are checked when processing the contract depending on the defined authorization fields and their characteristics.