Protect Passwords
Compensating measures for segregation of duties conflicts
To release jobs - own jobs or jobs of other users - a permission for the object S_BTCH_JOB with the expression JOBACTION = RELE is still required. In running operations, scheduled batch jobs may be cancelled because a step user is deleted or locked. With the help of the BTCAUX09 programme, you can check jobs as an administrator to see if they can be cancelled in the future. If you want to run these jobs under another step user, you can change them either with the transaction SM37 or with the report BTC_MASS_JOB_CHANGE.
When the FIORI interface is called up, different roles (Fiori groups) are associated with factually related FIORI tiles. As an example, here is the group Master Data in which the FIORI tile "Manage Cost Center" can be found.
Maintain proposed values using trace evaluations
Adapting business processes to legal requirements requires control of users and authorizations. Manage your compliance control permanently without risks. Manage users and their authorizations in all SAP systems centrally and efficiently with our solution for your SAP authorization management: Automatically generate authorization roles for users and assign them.
In the PRGN_CUST table, set the customising switch REF_USER_CHECK to E. This prevents you from using other types of users than reference users. This switch only affects new mappings; You should manually clean up any existing mappings of other user types.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
If developer keys are still relevant in the existing SAP release, the existing developer keys in table DEVACCESS should first be checked and compared with the users intended for development.
When you mix roles, either after upgrading or during role menu changes, changes are made to the permission values.