Testing Permission
Hash values of user passwords
When considering the security of SAP transport landscapes, it is not only the production system that is relevant for auditing. The other systems, including the development systems, must also be included in the risk considerations. The SAP_ALL profile is still frequently used there instead of concrete roles. This article identifies the main risk areas.
In line with the maintenance of the SAP transaction permissions proposal values using the SU22 and SU24 transactions, it is advisable to maintain proposed values for web applications. In order for a user to be assigned a suitable rating for an operational feature set in the Web application, the software developers in the transaction SU22 must connect all the authorization objects required for this application to the corresponding Web Dynpro application, i.e. not just S_START. The source of the required authorization objects is usually a developer or permission trace.
Use application search in transaction SAIS_SEARCH_APPL
The Enable Transport Recording button allows you to save the changes in the roles on a transport order. For information on the validity of the PFCG_ORGFIELD_ROLES report, see SAP Note 1624104.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Especially in complex and multi-level system landscapes, roles may be assigned to a user twice. In addition, roles may also have expired due to the specification of a validity period. To keep your role concept and your user administration maintainable and clean, it is recommended to delete these obsolete roles. You can do this by clicking on the report PRGN_COMPRESS_TIMES. This program is also available via the PFCG under the system tab "Utilities" and category "Mass adjustment".
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
While it remains possible to assign the full RFC_SYSID, RFC_CLIENT, and RFC_USER permissions in principle; However, this can only be done manually in the PFCG transaction through the dialogue maintenance of the fields.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
In the case of delimited responsibilities within customizing (e.g. FI, MM, SD, etc.), attention should therefore be paid here to an appropriate delimitation within the table authorizations.