What are the advantages of SAP authorizations?
Authorization object documentation
Run step 2a (automatic synchronisation with SU22 data). In this step, the data of the transaction SU22 of the new release will be transferred to the transaction SU24. If there is a change or difference in applications (changed check marks, suggestions, field values, or new or deleted authorization objects), the USOB_MOD or TCODE_MOD table of the MOD_TYPE is set to M. With SAP Note 1759777, a selection is offered for step 2a, with which this step can be simulated. Another option, Delete Flags for applications with modified data, is offered to apply the new changes only if Step 2a is executed selectively.
CREATE_EMAIL_CONTENT: The example implementation of this method generates the e-mail content. The user ID, the relevant system and the initial password are listed for each user. When the method is called in the Central User Management (ZBV), all initial passwords associated with the system in which the password was reset are listed. You should adapt the content of the e-mail to your requirements.
SAP authorizations: Recommendations for setting up, monitoring and controlling
The relevant authorization objects are then displayed in an ALV list and the documentation for the authorization object can be called up via the I in the Docu column. This documentation then displays much more detailed information about the respective authorization object as well as the defined fields.
The assignment of combinations of critical authorizations (e.g., posting an invoice and starting a payment run), commonly known as "segregation of duties conflicts," must also be reviewed and, if necessary, clarified with those responsible in the business departments as to why these exist in the system. If compensating controls have been implemented for this purpose, it is helpful if the IT department also knows about this so that it can name these controls to the IT auditor. The IT auditor can then pass this information on to his or her auditor colleagues.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If no critical feature has been detected, the message"Programme RSUSR003 reports ›Security check passed‹"will be displayed instead.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The SE38 and SA38 transactions should not be allocated in the productive system and custom programmes should be included in own transaction codes.