SAP Authorizations What to do when the auditor comes - Part 2: Authorizations and parameters - SAP Basis

Direkt zum Seiteninhalt
What to do when the auditor comes - Part 2: Authorizations and parameters
Search for user and password locks
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.

When copying the values to the Clipboard, note that only those values that you have previously marked will be copied to the Clipboard. The value intervals that can be maintained in the permission field values are separated by a tab stop, which is stored on the Clipboard.
Lock Inactive Users
You have now successfully recorded the blueprint. Now the slightly trickier part follows: The identification of the values to be changed at mass execution. In the editor of your test configuration, at the bottom of the text box, is the record you have created: TCD ( PFCG , PFCG_1 ). Double-click the PFCG_1 interface. On the right, a new detail with the recording details appears. Now you have to look for your input a bit. For example, use the role name entered on the PFCG entry screen (field name 'AGR_NAME_NEW'). Now comes an important step: Replace the values you entered during the recording with a placeholder, a so-called input parameter. To do this, go to the VALIN line and type any parameter name, such as ROLLENNAME, instead of the role name you entered. Click Enter and you will be asked what type of parameter it is. Specify Import and confirm with Yes.

At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.

Another option is to not assign the SAP_NEW permission to a user. For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors. These should then be evaluated accordingly and included in the appropriate eligibility roles for the correct handling of the transactions.

Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.

Therefore, we will show you the settings you can make when configuring the Security Audit Log.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.

EARLYWATCH: The user EARLYWATCH only exists in the client 066, because it serves the remote maintenance by the SAP support.
SAP BASIS
Zurück zum Seiteninhalt