Audit Information System Cockpit
Deletion of change documents
In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.
A note on the underlying USKRIA table: This table is independent of the client. For this reason, you cannot maintain this table in systems that are locked against cross-client customising. In this case, you should create a transport order in the development system and transport the table to the production system.
Security in development systems
In principle, a technical 4-eyes principle must be implemented within the complete development or customizing and transport process. Without additional tools, this can only be achieved in the SAP standard by assigning appropriate authorizations within the transport landscape. Depending on the strategies used, only certain transport steps within the development system should be assigned to users. When using the SAP Solution Manager ("ChaRM") for transport control, for example, only the authorizations for releasing transport tasks should normally be assigned here. The complete processing of a transport in the development system consists of four steps: Creating and releasing a transport request (the actual transport container), creating and releasing a transport task (the authorization for individual users to attach objects to the respective transport request).
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The AL08 transaction displays all logged-in users and their application servers.
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
But all transferred manually? Not with this new feature! If you have previously created PFCG roles, you must maintain all open permission fields manually.