Use SAP_NEW correctly
Assignment of critical authorizations and handling of critical users
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
In SAP systems you always have the possibility to integrate custom developments. In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects. You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
Application Permissions
The SAP authorization concept ensures that no unauthorized access can be made to transactions, programs and services in SAP systems. To call up business objects or execute transactions in the SAP system, a user therefore requires the appropriate authorizations. When called, the application started via a transaction checks whether the authorization exists and whether the user is allowed to perform the selected operation.
With the help of the transaction SU22, the software developers can deliver their application with the appropriate authorization objects. After the transfer of the data from the transaction SU22 to the tables from the transaction SU24, the role developer may further process the proposed values with the transactions SU24 or SU25 for use in the transaction PFCG. Please also refer to the SPA 1539556.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Every company is familiar with the situation every year when the auditor arrives to perform the annual audit and to certify the balance sheet at the end of the audit.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Transaction SU53 can be used to immediately display the missing authorizations for a single SAP user.