Maintain generated profile names in complex system landscapes
Basic administration
Configuration validation is a tool that allows systems to be tested against corporate or organisational requirements and regulations. You can find this tool in the Change Management section of the SAP Solution Manager. This allows you to evaluate security-relevant configurations and critical permissions. This is based on the SAP Solution Manager's Configuration and Change Database (CCDB), which stores all details about the configuration of the connected systems. The configuration data is stored in different configuration stores, depending on the type of configuration. You can evaluate the configuration of the operating system, the database, and profile parameters in the ABAP and Java systems. You will also get an overview of the status of transport orders and support packages. You can also track changes to the configurations of the attached systems in the CCDB. You can also graphically evaluate these changes via an end-to-end analysis in SAP BW; contains information on the number of changes per system, the type of changes and the modification date.
After clicking on this button, you will see the current ZBV status in the area of the same name and can release the selected system from the ZBV via the Run button. ZBV is no longer active for this subsidiary system. To avoid inconsistencies in the user master kits, you must reconcile the users in the daughter system after the ZBV is activated. You can do this in the transaction SCUG and transfer user data from the subsidiary system to the central system. Information on the technical requirements can be found in SAP Note 962457. To disable the ZBV completely, use the RSDELCUA report or the Delete button in the transaction SCUA. With this function you have the possibility to delete either only certain subsidiary systems from the ZBV or the complete ZBV.
What to do when the auditor comes - Part 2: Authorizations and parameters
You must enable a role that you have created as a Design-Time object in the Design Time Repository before it can be associated with a user. To do this, use Project Explorer to select the role you want to enable and select Team > Activate from the shortcut menu. This will create a runtime object of this selected SAP HANA role. This object is also understood as a catalogue object and is incorporated in the Roles branch in the corresponding SAP HANA system.
To use the trace data from the USOB_AUTHVALTRC table, first go to the change mode and then either click the SAP Data button or select Object > Add Objects from Trace > Local. The found authorization objects are imported from the table, but are not yet marked with any suggestion values. To maintain the suggestion values, click the Trace button. In the window that opens, select one of the new authorization objects and then select Trace > Permissions Trace > Local. The checked permission values will now be displayed. To apply these values, select Y Yes in the Suggest Status combo box and select the values you wish to display in the right pane of the window. Then click Apply. After confirming your entries, you confirm the Permissions field maintenance in the Permissions proposal maintenance by clicking on the green checkmark, so that the status of the Permissions object is green (maintained). Also continue with other authorization objects.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
The function block is used to write the usage statistics to a temporary table, from which you can extract the data for further use.
In spite of automated evaluations, external auditors often also demand an activation of the Audit Information System (AIS).