Prevent excessive permissions on HR reporting
Testing Permission
The S_START boot authorisation check is delivered inactively by SAP. If this test is activated in an AS-ABAP installation (see also SAP Note 1413011), this will affect all clients. Therefore, before you activate, it must be ensured that all affected users in the permission profiles associated with them have the necessary values in the S_START permission fields.
Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
Limit character set for user ID
If you no longer need old audit results, you can archive or delete them with the transaction SAIS via the button (Administration of the Audit Environment). The audit results shall be selected on the basis of the audit structures, the test numbers or the entry date (see figure next page).
In SAP systems, authorization structures grow over the years. If, for example, there is a restructuring in the company or there are new organizations, there is a risk that the authorization concept no longer fits or is implemented correctly.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Step 2d (Show Modified Transaction Codes) lists all roles that have been found to use an old transaction code.
Anyone who owns valuable personal property assumes responsibility for it - just like a landlord, for example.