Identify Executable Transaction Codes
What to do when the auditor comes - Part 1: Processes and documentation
Permissions are often not restricted because there is often no information about how the object should be shaped. The identification of the required functional components is often considered to be too burdensome and the risks from a lack of limitation are considered to be too low.
However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow. New modules, new processes and new user groups very quickly lead to many authorization groups, numerous authorization roles and complex documentation - even assuming the ideal case that companies have used Excel, for example, for all previous implementations and enhancements and have kept the documentation up to date. What is the purpose of a role? Which user has which authorization? Due to the amount of roles and authorizations, it quickly becomes confusing for users. System performance also suffers as the amount of data increases.
Advantages of authorization tools
Access options and authorizations are defined and controlled in the SAP authorization concept. How secure business data is in SAP depends largely on the assignment of authorizations and access options for a company's users.
Make sure that the client-independent tables for logging are always logged when the parameters are not set to OFF. In addition to the parameters listed here, the table itself must also have the table logging hook set; This is usually done with the help of the transaction SE13. The settings are made in development and then transported to the other systems. The SAP standard already provides some tables for logging; For an overview of these tables, see SAP Note 112388 (tables requiring logging). You can evaluate the logging settings of the tables using the RDDPRCHK report or the RDDPRCHK_AUDIT transaction in the SAP system. The selection is made in the start image of the report, e.g. via the table name or the selection of options for logging.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs.
These are mainly found in the folders of the homepage and under GENERIC_OP_LINKS.