Protect Passwords
Authorization objects of the PFCG role
Please note that depending on the results of the RSUSR003 report, a system log message of type E03 is generated. If a critical feature (stored in red) is detected, the message text"Programme RSUSR003 reports ›Security violations‹"is written into the system log. If no critical feature has been detected, the message"Programme RSUSR003 reports ›Security check passed‹"will be displayed instead. This message is sent because the password status information of the default users is highly security relevant and you should be able to track the accesses. You can grant the User and System Administration change permissions for the RSUSR003 report, or you can grant only one execution permission with the S_USER_ADM authorization object and the value CHKSTDPWD in the S_ADM_AREA field. This permission does not include user management change permissions and can therefore also be assigned to auditors.
Customer and vendor totals statements: The Customer or Vendor Accounting Sum. Rate Tables (KNC1/KNC3 or LFC1/LFC3) do not include the Profit Centre field. Therefore, authorisation control with regard to the profit centre is not possible for evaluations such as the customer and vendor balance lists (transactions FD10N or FK10N).
Change documents
Add SAP Note 1433352 to your system. This note ships with the RSAUDIT_SYSTEM_STATUS report. This report documents the current status of the Client and System Modification Settings in an overview, which you can also print out for evaluation if required. The advantage of this report is that pure display permissions are necessary to execute it.
This report checks the customising of the CRM business role for which the PFCG role is to be created, and writes all area start pages and logical links to a text file in the form of external services. This text file is stored locally in the SAP folder under c:/User//SAP. On the Menu tab of the PFCG role, you can upload this text file from File by selecting Menu > Import.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Now open the transaction SU24 and you will find your own UIK component as an external service.
If you click on the button "Evaluation" or the F2 key, you can display the evaluation.