Use usage data for role definition
SAP S/4HANA® migration audit
The SAP Code Vulnerability Analyser can be used to scan both custom on-premise and on-demand applications programmed in ABAP. The SAP Code Vulnerability Analyser is included with SAP NetWeaver AS ABAP 7.02; an installation is not necessary. For details on the relevant support packages, please refer to SAP Notes 1921820 and 1841643. You do not need additional servers or additional administration. You can activate the SAP Code Vulnerability Analyser with the RSLIN_SEC_LICENSE_SETUP report, but you have to pay additional royalties for it.
You can use authorization objects to restrict access to tables or their content through transactions, such as SE16 or SM30. The S_TABU_DIS authorization object allows you to grant access to tables associated with specific table permission groups. You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups"). For example, if an administrator should have access to user management tables, check the permission status using the SE54 transaction. You will notice that all the user management tables are assigned to the SC table permission group.
System Users
Access to personal data in a company is a sensitive issue. It is essential to manage this access securely and to be able to provide information at any time about who has access to the data, when and in what way - and not just for the sake of the auditor. For this reason, the topic of SAP authorizations is a very important one, especially for the HR department.
This list in the AGR_1252 table contains both the organisational fields that are shipped in the standard and the fields that you have collected for organisational fields. Unfortunately, the list does not indicate what kind of organisation field it is. But you can find out: Open the PFCG_ORGFIELD_DELETE programme via transaction SA38. The Organisation Level Value Helper (Orgebene) provides a list of all customer-specific organisation fields, because only these can be converted back to normal Permissions Object Fields. Note the implications if you want to actually run this programme.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Like all other security issues, SAP authorizations must be integrated into the framework used.
This folder structure can also be found in the SMEN_BUFFC table.