Object S_BTCH_ADM (batch administration authorization)
SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
When considering the security of SAP transport landscapes, it is not only the production system that is relevant for auditing. The other systems, including the development systems, must also be included in the risk considerations. The SAP_ALL profile is still frequently used there instead of concrete roles. This article identifies the main risk areas.
For a call of transactions from SAP ERP from the SCM system to work, the RFC connection to be called for each ERP transaction must be maintained. To do this, click the More node details button and select the Target system item.
RS_ABAP_SOURCE_SCAN
The role concept provides that each user can only process the tasks to which he is authorized. It is developed across departments and must protect sensitive data from unauthorized access. A clear role concept enables a modular structure of authorizations without having to create separate roles for each user.
Help, I have no permissions (SU53)! You want to start a transaction, but you have no permissions? Or the more complex case: You open the ME23N (show purchase order), but you don't see any purchase prices? Start transaction SU53 immediately afterwards to perform an authorization check. The missing authorization objects will be displayed in "red". You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
No changes allowed: This option blocks any changes to roles.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The only requirement is that the data be available for a representative period.