SAP Authorizations SIVIS as a Service - SAP Corner

SIVIS as a Service
Security Automation for SAP Security Checks
The aim of authorization concepts is to provide each user with the authorizations required for his or her task in the SAP system in accordance with the rules. A good authorization concept is the cornerstone for efficient and cost-effective authorization assignment.

In our eCATT test configuration, the prepared file can now be used to play back the recording. Note that playback stops when an error occurs in transaction PFCG, for example when we try to create a role with input values that already exist. To start playback, specify the file under External Variants in the test configuration and click Run (F8). You will be given the opportunity to set some playback properties; choosing Run then starts the playback. You will see some PFCG messages in the status bar at the bottom and will end up with a summary of success (or failure, if there were errors). We admit that eCATT is more complex to use than transaction SU10. However, once you have used eCATT a few times, it is quite quick. Always keep in mind that the basic mechanism is to play back a recording, so other organisational levels (e.g. a third organisational level, which is in the dialogue before the work and the sales point) also require a different recording and editing.
Context-dependent authorizations
In SAP systems, authorization structures grow over the years. If, for example, there is a restructuring in the company or there are new organizations, there is a risk that the authorization concept no longer fits or is implemented correctly.

First, the Web application developers must implement appropriate authorization checks and make them available for role maintenance in transaction PFCG. This includes maintaining the proposed values in transaction SU22. SAP Note 1413012 (new reusable startup authorisation check) provides all the necessary details.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

On the one hand, HR administrators should be able to perform their tasks - on the other hand, the protection of employees' personal data must be ensured.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.


In this context, we recommend that you check the mappings for critical function blocks or functional groups.