Do not assign SAP_NEW
Handle the default users and their initial passwords
In both cases the transaction S_BCE_68001410 is started. Here you can search for an authorization object by authorization object, authorization object text, object class and other options.
With regard to the SAP authorization system, roles and the associated authorization objects, fields and values represent the foundation. Therefore, these check criteria are in the special focus of the authorization analysis of security-relevant characteristics of each authorization administrator. The report RSUSRAUTH is used to display role or authorization data in the respective client. The report analyzes all role data that are anchored in the table AGR_1251. This allows you to quickly find and clean up incorrect and security-critical authorizations not only by selecting the maintenance status of the authorizations, but above all by storing certain authorization objects and controlling them. This ad hoc analysis thus offers you a time-saving method of checking many roles at once according to your own critical characteristics. You can then make full use of this program by importing SAP Note 2069683.
Authorization concept - user administration process
HR authorizations are a very critical issue in many companies. On the one hand, HR administrators should be able to perform their tasks - on the other hand, the protection of employees' personal data must be ensured. Any error in the authorization system falls within the remit of a company's data protection officer.
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The EWA does not only contain security-related tests and is therefore divided into different sections (e.g. hardware, performance).
If the user does not have permission to access the object, his request is rejected.