WHY ACCESS CONTROL
Optimization of SAP licenses by analyzing the activities of your SAP users
By clicking on the Registration Data button, you start the RSUSR200 report and you enter the selection mask. This report allows you to select users by login data. You can also determine if a user has changed his initial password. You can select a predefined variant from the catalogue using the button (Get variant) or the key combination (ª) + (F5).
In this article, I show you with which transaction you can easily and quickly run the authorization trace in SAP ERP or SAP S/4HANA. The displayed result provides a good overview of the involved authorizations. In this course, existing roles and profiles in authorization management (transaction PFCG) can be extended. In addition, the authorization trace is useful for maintaining authorization default values (transactions SU22 and SU24).
The critical permissions are defined in these steps: On the Entry screen, select the Critical Permissions button. You will now see two folder pairs in the dialogue tree: - Critical Permissions > Critical Permission - Critical Permission > Permissions Data. In Change Mode in the lower folder hierarchy, double-click the Critical Permission folder, and then select New Entries. In the right-hand pane of the screen, enter the appropriate data for the Eligibility, Text, Colour, and Transaction Code fields. Save your input. When saving, you are asked for a customising job. Please specify it accordingly. Select the entry you just created and double-click to open the Permissions Data folder to maintain the permissions data. Then create a variant. To do this, double-click the Variants to Critical Permissions folder and select New Entries. Enter the name and description of the variant and save your input. Now assign the identifier of the created critical permission to the variant. To do this, select the variant and then double-click in the Variants subfolder to get critical permissions > critical permissions in the input mask. Now click on New Items and select your variant from the list - in our example ZB01. Then save your input. Finally, you can run your report variant with critical permissions. To do this, go back to the RSUSR008_009_NEW entry screen and select the critical permissions option in the variant name pane. Now use the Value Help to select and run the variant you just created.
The most important security services regarding permissions are the EarlyWatch Alert (EWA) and the SAP Security Optimisation Service (SOS). You compare the settings in your SAP systems with the recommendations of SAP. Both services are delivered as partially automated remote services; You can also use the SOS as a fully automated self-service. The EWA and SOS shall carry out eligibility tests, the results of which shall always be as follows: The heading indicates the check in question. A short text describes the importance of the audited entitlement and the risk of unnecessary award. A list indicates the number of users with the validated permission in the different clients of the analysed SAP system. The SOS also allows you to list the users. In the SOS, a recommendation is made for each check to minimise the identified risk. A final formal description represents the checked permissions. However, not only the explicitly mentioned transactions are evaluated, but also equivalent parameter or variant transactions.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
This is based on the proposed authorisation values defined in the transaction SU24, whose maintenance status is standard in the authorisation maintenance.
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements.