Extend permission checks for documents in FI
Permissions and User Root Sets Evaluations
SAP authorizations are a security-critical and thus an immensely important topic in companies. They are used not only to control the access options of users in the SAP system, but also the external and internal security of company data depends directly on the authorizations set.
If you still have problems with the performance of the evaluation, despite the regular archiving and indexing of the modification documents of your user and permission management, this is probably due to the amount of central change documents. In this case, you also need an archiving concept for other key change document data. SAPHinweis 1257133 describes the procedure for creating such a concept.
Authorization Analysis
As part of the implementation of a security patch process, you will have to evaluate many security advisories, depending on your release and support package status. In this case, you can use the RSECNOTE report or the EarlyWatch Alerts to evaluate which security information has been identified as particularly critical by SAP Active Global Support. Since March 2013, the RSECNOTE report has only been very restricted and therefore contains only a few new safety recommendations. Nevertheless, it provides good guidance for the initial resolution of security gaps.
Of course, you can also use the data obtained with the permission trace (with filter for the S_DATASET authorization object) to express permissions on the object itself. In any case, you should also use the values obtained for the PROGRAM field. In this way, you exclude misuse by modified copies of ABAP programmes. This limitation of access programmes already represents a security gain, even if you do not want to restrict access to paths and files.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Now you can remove the SAP_NEW profile from all users.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
In SAP NetWeaver AS ABAP 7.0 and above, reference users are considered in the reports of the user information system.