Dissatisfaction and unclear needs in the process
New AP implementation, S/4HANA conversion or redesign of an SAP authorization concept - the complexity has increased enormously and requires a clear structure of processes, responsibilities and the associated technical implementation. New technologies such as Fiori and Launchpads are challenges and reasons to rethink authorization structures.
In an SAP® system, authorizations are not the only focus of the auditor. Essential system parameters are also part of the audit. For this reason, it should also be ensured in advance that all parameters are set up in accordance with the company's specifications. The parameters concerned are all those that ensure system and client security. Among other things, it must be ensured that the production system is protected against any kind of changes and therefore no direct development is possible.
Evaluate Permission Traces across Application Servers
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.
You will be aware that you do not necessarily have to move in the Customer Name Room when assigning names of PFCG roles and therefore have a lot of freedom. The only limitation here is that you may not use the namespace of the roles that are interpreted by SAP. First, you must agree on the form of the names. A fundamental decision is to define the language in which the PFCG roles must be maintained. Although this does not necessarily have an influence on the role name, since it is the same in all languages, you will certainly have descriptive elements in your role name. The role description and the long text are also depending on the language. It is therefore useful to start the roles in the language which is also used most frequently, and also to cultivate the descriptive texts first in this language. If roles are required in different languages, you can translate the texts.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The RDDPRCHK report allows you to enable table logging for multiple tables; however, it is not possible to disable logging on multiple tables.
These UI components are, technically speaking, BSP applications.