User Information System (SUIM)
Use usage data for role definition
Every large company has to face and implement the growing legal requirements. If the use of an authorization concept is to be fully successful on this scale, the use of an authorization tool is unavoidable. For medium-sized companies, the use of an authorization tool is usually also worthwhile. However, decisions should be made on a case-by-case basis.
This solution is only available with a support package starting with SAP NetWeaver AS ABAP 7.31 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1750161. In addition, the SAP Cryptographic Library must be installed; but this is ensured by the required kernel patch. Only if you have manually made a different configuration, you must check this requirement.
Introduction & Best Practices
It's never too late to rethink your authorization concept. Start by defining the objective of each role and take advantage of the reporting offered in SAP SuccessFactors.
Certain permissions that are not relevant until a job step is run are checked at the time of scheduling for the specified step user. This checks whether the selected user is authorised to run the specified ABAP programme or external command. For programmes associated with a permission group, the S_PROGRAM object is checked. External commands test for the object S_LOG_COM.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template.
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors.