SAP Authorizations Adjust tax audit read permissions for each fiscal year - SAP Basis

Direkt zum Seiteninhalt
Adjust tax audit read permissions for each fiscal year
In general, you should note that not all relevant change documents of a system are present in the user and permission management. As a rule, authorisation administration takes place in the development system; Therefore, the relevant proof of amendment of the authorisation management is produced in the development systems. By contrast, you will find the relevant user administration change documents in the production systems; Therefore, you should note that when importing roles and profiles in the production systems, no change documents are written. Only transport logs are generated that indicate that changes have been made to the objects. For this reason, the supporting documents of the development systems' authorisation management are relevant for revision and should be secured accordingly.

Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
Temporarily disable Central User Management
Evaluate the criticality of the security advisories for your company and also take into account the risks that may arise from the introduction of the SAP notes. This may include, for example, risks or expenses due to change and the corresponding tests in a productively used business process. Depending on this evaluation, you decide which safety instructions you want to insert directly and which hints should be implemented in the next maintenance cycle.

In order to be able to act fully at all times in emergency situations, an SAP emergency user must be available who has all authorizations for the entire SAP system (typically by means of the composite profile SAP_ALL). However, this not only makes him a great help, but also extremely dangerous, so that his use must be precisely regulated via a dedicated concept.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

Basically, it is recommended to include the topic of authorization conception in the project planning of a new implementation at an early stage in order to prevent subsequent rework and also to be able to pass through the acceptance by external auditors without any problems.

Now, if you want to use the debugger, you can set a Session Breakpoint directly from the source code via the button.
Zurück zum Seiteninhalt