Permissions with Maintenance Status Changed or Manual
Implementing Permissions Concept Requirements
In an SAP® system, authorizations are not the only focus of the auditor. Essential system parameters are also part of the audit. For this reason, it should also be ensured in advance that all parameters are set up in accordance with the company's specifications. The parameters concerned are all those that ensure system and client security. Among other things, it must be ensured that the production system is protected against any kind of changes and therefore no direct development is possible.
Two equal permissions that meet the first maintenance status condition are also combined when all the values of the two permissions differ in one field or when a permission with all its fields is included in the other. However, if there are open permission fields in a permission, they will not be combined unless all permission fields in the permission values are the same.
What to do when the auditor comes - Part 1: Processes and documentation
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO. Finally, you could use the transaction COAT (see SAP Note 1089923) to assign additional attributes to your own tables and reports, for example. For example, this could be relevant for the tax audit and final reports or performance critical.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Up to now, you have had to perform various evaluations with the reports RSUSR200 and RSUSR002 of the user information system (transaction SUIM) and subsequently edit the lists.
Conversely, you cannot use an existing transaction role in the menu as a customising role.