Mitigating GRC risks for SAP systems
Centrally view user favourites
At the latest, if it is no longer possible to clearly define which transactions should be included in which roles and which roles a user requires, a correction is necessary. It must be clear which rights are required for the individual tasks in the system.
Authorization tools are a great help in designing a highly automated compliance management system that precisely fits the company's own requirements. The introduction of authorization tools takes some time, but should nevertheless be tackled by companies in order to increase efficiency in the long term and save costs at the same time.
Limitations of authorization tools
Before using the system recommendations, we recommend that you implement the corrections in SAP Notes 1554475 and 1577059. It is also necessary that the systems to be managed are connected to the SAP Solution Manager and that in the transaction SMSY were assigned to a productive system and an SAP solution. Then, in the System Recommendations settings, schedule a background job that collects the relevant information about the attached systems. Relevant information is your release and support package stand, as well as SAP notes and their versions. An OSS connection from the SAP Solution Manager, which you have to set up beforehand, will then perform a calculation in the SAP Global Support Backbone, which will determine the necessary information, i.e., that the SAP Solution Manager itself hardly generates any load from the calculation. To automatically check the security level of your systems, you should also schedule this calculation as a background job.
When copying the values to the Clipboard, note that only those values that you have previously marked will be copied to the Clipboard. The value intervals that can be maintained in the permission field values are separated by a tab stop, which is stored on the Clipboard.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
In general, you should note that not all relevant change documents of a system are present in the user and permission management.
Use the Active/Inactive column to determine if the permission has been disabled.