Security within the development system
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
The first step is to create an IMG project. You can create a new project or edit an existing project to create a customising role. To do this, call the SPRO_ADMI project management entry transaction. If a suitable project is not available, you can view the list of SAP customising activities. To do this, click the SAP Reference-IMG button or create a new project. To do this, select the Create Project button ( ) or the (F5) button. A new window will open, where you enter the project name. Note that you have a maximum of ten characters for the name. Once you have confirmed your input, a new screen will open. The General Data tab allows you to specify users, project managers, project times, and the language for the information texts.
How to analyze roles and authorizations in the SAP system
We would like to point out that after defining and implementing a authorization object, you should no longer change the permission field list, as this will cause inconsistencies. Once you have determined that you want to add more fields to your check, assign your authorization object to the AAAA object class and create a new authorization object.
The other fields in the SMEN_BUFFC table describe the structure of the favourites, where the OBJECT_ID field is the unique key of the favourite entry. In the PARENT_ID field, you will find the parent item's object ID, and the MENU_LEVEL field describes the level of the entry in the favourite folder structure. You can read the order in which the favourite entries are sorted from the SORT_ORDER field.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Single Role: Enables the automatic generation of an authorization profile.
All documentation should be provided with the essential information (creator, date, version, etc.) and be in a format that cannot be changed (usually PDF).