Reset passwords using self service
Configure Security Audit Log
Access to this data is critical, since the hash values can possibly be decrypted using tools, thus enabling unauthorized logon to the SAP system. Since identical passwords are often used for different systems, the determined password may also be usable for downstream systems. The current or former hash values of the passwords are stored in the tables USR02, USH02, USRPWDHISTORY, USH02_ARC_TMP, VUSER001 and VUSR02_PWD. These tables can be accessed either via classic table access transactions such as SE16 or via database administration transactions such as DBACOCKPIT. The authorizations required for table access via database tools depend on the respective system configuration and should be verified via an authorization trace (transaction STAUTHTRACE), if necessary.
Evaluate the criticality of the security advisories for your company and also take into account the risks that may arise from the introduction of the SAP notes. This may include, for example, risks or expenses due to change and the corresponding tests in a productively used business process. Depending on this evaluation, you decide which safety instructions you want to insert directly and which hints should be implemented in the next maintenance cycle.
Changes in customizing and various security-relevant changes, such as the maintenance of RFC interfaces, can be viewed via table change logs. This authorization should only be given to an emergency user.
The report shows system owners in real time which roles exist in SAP SuccessFactors and which authorizations these roles contain. The report also shows which roles are assigned to which users and whether there are duplicates, for example of groups or authorizations. The user can export this overview at any time.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
However, you can also use the proof of use in the authorization object maintenance to search for specific implementation sites.