Centrally view user favourites
Limitations of authorization tools
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
Permissions must have both identical maintenance status (default, maintained, modified, manual) and an identical active status (active or inactive). Exceptions represent changed permissions and manual permissions; these are summarised when the active status is identical.
User Information System SUIM
However, you can also use the proof of use in the authorization object maintenance to search for specific implementation sites. To do this, open the authorization object in the SU21 transaction. Open the proof of use via the button and a pop-up window appears for querying usage modes (for example, using the affected authorization object in programmes or classes). After making your selection in the Usage Proof, all of the affected implementations will be tabulated. Double-click to access the relevant code locations.
The assignment of combinations of critical authorizations (e.g., posting an invoice and starting a payment run), commonly known as "segregation of duties conflicts," must also be reviewed and, if necessary, clarified with those responsible in the business departments as to why these exist in the system. If compensating controls have been implemented for this purpose, it is helpful if the IT department also knows about this so that it can name these controls to the IT auditor. The IT auditor can then pass this information on to his or her auditor colleagues.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
However, this not only makes him a great help, but also extremely dangerous, so that his use must be precisely regulated via a dedicated concept.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
If organisational levels are also included that are no longer required, they will be automatically deleted.