Structural authorizations
Permissions checks
Small companies would in theory benefit from an authorization tool. In many cases, however, the tools are too costly, so the cost-benefit ratio is usually unfavourable.
In addition, critical commands should be prohibited from the outset. Examples are EXEC SQL, which allows direct access to database tables bypassing certain security mechanisms, and CLIENT SPECIFIED, which allows access to data in other clients.
Evaluate licence data through the Central User Management
A correction is necessary at the latest when it is no longer possible to clearly define which transactions should be included in which roles and which roles a user requires. It must be clear which rights are required for the individual tasks in the system.
Once you have identified the organisational features to consider, verify that you can redesign the existing roles so that the organisational features can be clearly maintained per area of use. This leads to a concept in which functional and organisational separation is easily possible. However, you will end up with a larger number of roles: posting/investing roles, changing roles and reading roles. Such a concept is free of functional separation conflicts and is granular enough that the organisational characteristics can be defined per area of use.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Now check all permissions in all remaining profiles within the SAP_NEW summary profile that have a higher release level than the SAP_BASIS upgrade start release.
So you can maintain a whitelist.