Extend permission checks for documents in FI
Redesign of SAP® Authorizations
SAP's FI module is one of the most common in the SAP world and covers all business processes in the area of finance and accounting. The processes that run through this module are used for double-entry bookkeeping and recording of documents in the required accounts. It also establishes the associated profit determination for external and internal purposes.
You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
Authorization object documentation
Only current profile data is always recorded, so that obsolete profiles and permissions in the target system cannot be deleted by transport. This data remains associated with the users and remains effective until it clears a user synchronisation with the Cleanup option (transaction PFUD).
If you do not have authorization e.g. for a transaction and you get a message that you are missing authorization, you can use transaction SU53 to analyze the missing authorization. This transaction shows the last failed authorization check, including the authorization objects and authorization fields.
Authorizations can also be assigned via "Shortcut for SAP systems".
Now the SAP system is basically able to encrypt emails.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
In addition, you must activate the Security Audit Log via the profile parameters in the transaction RZ11 and make technical settings.