What to do when the auditor comes - Part 1: Processes and documentation
The SAP authorization concept protects transactions, programs, services and information in SAP systems against unauthorized access. Based on the authorization concept, the administrator assigns users the authorizations that determine the actions this user can perform in the SAP system after logging on and being authenticated.
Make sure that reference users are assigned minimal permissions to avoid overreaching dialogue user permissions. There should be no reference users with permissions that are similar to the SAP_ALL profile.
Use table editing authorization objects
Manual addition of authorization objects to roles is sometimes necessary. However, the start authorizations for actions should be generated into the role exclusively via the role menu. For the following evaluations the table AGR_1251 is used, in which to the roles the authorization objects with their values are stored.
SAPconnect uses the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for signing when sending emails or for verifying and decrypting received emails. S/MIME is supported by most email clients and requires X.509-based certificates.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The panel menus also simplify the maintenance of permissions to the audit structures.
These tools are generally available for all operations in the SAP system, not just for role maintenance.