Assignment of critical authorizations and handling of critical users
View system modifiability settings
All permission checks are issued in table form as an ALV list. You can sort or filter this list by column. Furthermore, all the new features of the transaction ST01, which we listed at the beginning of this tip, have been applied for evaluation. Double-clicking on a authorization object will direct you to the authorization object definition, and double-clicking on the transaction will direct you to the programme location where the permission check is performed. For more tips on how to use this trace, see Tip 32, "Maintain permission values using trace evaluations," and Tip 39, "Maintain suggestion values using trace evaluations.".
Have you ever wondered who has critical permissions in your system? Have you lacked the tool and approach to identify these users? The user system in an SAP system is always connected to a permission assignment. Over the life cycle of a user in the SAPS system, more and more permissions are accumulated if they are not withdrawn once they are no longer needed. This accumulation is bound to result in users being able to perform more actions than you would like as the permission administrator. To avoid this, we want to give you a suitable tool.
Eligibility proposal values
The report RSUSR008_009_NEW (List of users with critical permissions) is provided starting with SAP Web Application Server 6.20 with the following support packages: Release 6.20, starting with SAPKB62039 Release 6.40, starting with SAPKB64003 You can continue using the old reports RSUSR008 and RSUSR009 until release 6.40. The RSUSR008_009_NEW report is delivered with the old SAI proposals for critical credentials already used in the RSUSR009 report.
The Security Optimisation Service for ABAP contains more security checks than the corresponding section in the EWA. In particular, the number of eligibility checks is higher. A total of 110 eligibility tests are currently defined in the SOS, including 16 critical eligibility tests for HR. The full list of all security checks in the SOS can be found in the SAP Service Marketplace on the page https://service.sap.com/sos via Media Library (Security Optimisation Service > ABAP Checks).
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed.
If ESS/MSS or Manager Desktop etc.