Perform upgrade rework for Y landscapes permission proposal values
Authorizations
The SAP authorization concept must generally be created in two versions: for the ABAP stack and for the Java stack. Which roles are required, which role may call which SAP functions, and other conceptual issues are identical. However, there are fundamental differences between the two versions.
Even more critical is the assignment of the comprehensive SAP® standard profile SAP_ALL, which contains almost all rights in the system. Therefore, it should be assigned to a so-called emergency user at most. The handling of the emergency user should also be specified in the authorization concept, which should be documented in writing. In any case, the activities of the emergency user should be logged and checked regularly. Therefore, it is essential in preparation for the annual audit to check the current, as well as the historical, assignments of SAP_ALL. It is therefore not sufficient to simply quickly remove the SAP_ALL profile from users in the run-up to the annual audit. It must also be proven that the SAP_ALL profile was not briefly assigned for a few days over the audit period. If SAP_ALL assignments did occur, ideally these have already been documented and checked. If this is not the case, it is essential to create documentation that cannot be changed, in which it is proven why the assignment was necessary and that the user has not carried out any critical actions beyond this (filing and review of logging).
Optimization of SAP licenses by analyzing the activities of your SAP users
Dialogue users are intended for use by natural persons who log in to the SAP system via SAP GUI (dialogue login). The dialogue user is therefore the most frequently used user type. The defined password rules apply to him. If the password is set by the administrator, it will get Initial status and must be set by the user at login again to get Productive status.
Wildgrowth of characters used in user IDs can have negative effects. Set a bar on it by limiting the character set in the first place. In the SAP system, depending on the release of the SAP_BASIS software component, you can create users whose names may contain "alternative" spaces. In Unicode systems, there are different spaces, which are represented by different hexadecimal values. The usual space has a hexadecimal value of 20, but there are alternative spaces (wide spaces), which can be recognised, for example, as double width or not at all as character spacing. You can use these alternate spaces when entering the user ID by pressing the Alt key. For example, the key combination (Alt) + 0160 can create a space with a non-breaking space. You can also create a user whose ID consists only of alternate spaces. Users with such IDs will write all change documents, but the IDs can still cause confusion if, for example, they are not recognisable as a user ID or if it appears that no user is displayed for the change document. In addition, certain special characters may cause problems in other applications (e.g. in transport management). Therefore, we will show you how to prevent such problems by limiting the character set.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
However, the greatest advantage is the consistent use of reference users for performance.
This includes the password status, a lock flag, the reasons for the lock, the number of false logins, the user validity periods and the security policies associated with the users.