Mitigating GRC risks for SAP systems
Use timestamp in transaction SU25
Careful maintenance of suggestion values in the relevant authorization objects results in recurring benefits in creating and revising roles for Web applications. In addition, the SU25 transaction supports role post-processing in the context of SAPUpgrades.
In order to get an overview of the organisations and their structure, we recommend that you call the Org-Copier (in read mode!) for the various organisational fields via the transactions EC01 to EC15. The customising in the SPRO transaction allows you to define the organisation fields and their respective assignment in the corporate structure area.
Sustainably protect your data treasures with the right authorization management
You can do without taking obsolete profile data into account by adding the correction from SAP Note 1819126 and then setting the REC_OBSOLETE_AUTHS customising switch to NO in the table PRGN_CUST. This correction is also important because it fixes runtime problems when releasing role transports, resulting from the correction in SAP Note 1614407. As a general rule, you should always run bulk transport sharing in the background.
The generic entries cause deletions in the target system if the same entries originate from both development systems. To prevent this, insert SAP Note 1429716. Then use the report SU24_TRANSPORT_TABLES to transport your SU24 data. This report creates a detailed transport BOM based on the application names. Since the report has significantly higher maturities than step 3 of the transaction SU25, we advise you to apply this report only in a Y-landscape.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
After you have determined the data for the website, you must now generate the initial password and send it by e-mail and unlock the user if necessary.
The menu can now be finally sorted.