Security Automation for SAP Security Checks
ICS for business processes in SAP systems
The customising objects you have just created are now integrated into your own IMG structure. To do this, open the SIMGH transaction again, call your structure in Change mode, and paste it under the previously created folder by selecting Action > Insert a Level Lower. You should already create a documentation of the same name with the installation of the Customising objects. To do this, select the Create button on the Document tab and write a text to save it and then activate it.
When it comes to preparing for the auditor, it should definitely be checked whether all critical authorizations, as well as the important parameters, have been correctly assigned or set up in SAP®. The specifications for this should all be defined in the authorization concept documented in writing and must also be consistent with this. In this context in particular, however, it is not always easy to check all the essential points using the SAP® standard on-board tools. This is where the experienced auditors at IBS Schreiber GmbH can provide support.
Authorization objects of the PFCG role
Always make sure you use the latest version of the Note Assistant. To do this, look for SAP hints about the BC-UPG-NA component in the system recommendations. We also recommend that you perform the security patch process as part of a release or support package upgrade to avoid additional testing by security advisories already released at the time of the upgrade.
Reasons for incorrect organisational levels are values that have been manually maintained in the authorization object itself, instead of using the Origen button, as well as incorrect transports or incorrectly created or deleted organisational levels. Since correct inheritance can no longer occur in such cases, you need a way to reset incorrect values of the organisation levels in the PFCG roles.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
The other systems, including the development systems, must also be included in the risk considerations.
For an overview of the usage data already stored in the system, see the SWNC_COLLECTOR_GET_DIRECTORY function block (GET_DIR_FROM_CLUSTER = X input parameter).