Set password parameters and valid password characters
Audit Information System Cockpit
Critical permissions are permissions that allow you to view or modify security-related configurations in the SAP system, or perform activities that are critical from a legal or business perspective. This also includes access to sensitive data, which are e.g. personal. Critical permissions are really critical in themselves and pose a risk only if they get into the wrong hands. In any case, when using critical permissions, you should observe the principle of restricting rights. There are no general definitions of risk; Therefore, each company should define the compliance requirements for itself. Identifying critical SAP permissions is an important task and should be performed in every company. Particular attention should be paid not only to the award of transactions but also to the value characteristics of each of the eligible objects. It is important to mention that preventive regular inspections do not have to be burdensome. However, they will lead to greater transparency and security.
If you have developed your own permission checks to use them in your own programmes or to make extensions to the SAPS standard, it is essential that you maintain the Z authorization objects as suggestion values for the respective applications. Thus, they do not have to be reworked manually in the respective roles. In addition, you have created a transparent way to document for which applications your customer's permissions are available. Last but not least, a well-managed suggestion value maintenance helps you with upgrade work on suggestion values and PFCG roles. This ensures that your changes and connections to the respective PFCG roles are retained and new permissions checks for the new release are added to the applications.
Maintain generated profile names in complex system landscapes
If it is clear that a cleanup is necessary, the first step should be a detailed analysis of the situation and a check of the security situation. Based on these checks, a redesign of the authorizations can be tackled.
As a result, you will get an advanced IMG structure, in our example FF Log settings, which you can access via the transaction SPRO. Finally, you could use the transaction COAT (see SAP Note 1089923) to assign additional attributes to your own tables and reports, for example. For example, this could be relevant for the tax audit and final reports or performance critical.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Once you have created the individual roles with the correct role menu, you can assign them to a collection role.
To do this, he passes the complete record per document line and expects it to be enriched back.