Use usage data for role definition
System Security
The case that the user buffer is not up to date is very rare. The auth/new_buffering profile parameter sets the value 4 to immediately update the permissions, i.e. changes to the user root or roles or profiles, and write them to the USRBF2 database table without requiring a new login. This value is set by default. The fact that the buffer is not up-to-date is recognised by the fact that existing permissions that are not in the buffer are marked in the transaction SU56 with the note "In the root data but not in the user buffer".
Protect your system from unauthorised calls to RFC function blocks from the S_RFC authorization object by obtaining the necessary permissions using the statistical usage data. In many organisations, the primary focus in the permission environment is on protecting dialogue access. For each required transaction, you decide in detail which groups of people are allowed access. It is often overlooked that the critical S_RFC privilege object requires an analogue permission assignment. If the RFC (Remote Function Call) external access permissions are unneatly defined and assigned to the users, the S_TCODE authorization object quickly bypasses the primary protection for bootable applications.
Permissions with Maintenance Status Used
An overview of the actual relevant information for your system landscape can be obtained from the application System recommendations in the Change Management section of the SAP Solution Manager (transaction SOLMAN_WORKCENTER or SM_WORKCENTER). This application will provide you with a recommendation for the SAP and non-SAP hints to be implemented for the evaluated systems.
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
However, the customising of the CRM business role may be updated.
In doing so, we analyze your existing workflows and processes and work out optimization potentials.