SAP Authorizations Adjust tax audit read permissions for each fiscal year

Direkt zum Seiteninhalt
Adjust tax audit read permissions for each fiscal year
Extend permission checks for documents in FI
The daily business of an authorization administrator includes the checks and analyses of critical authorizations and combinations in the system. The focus is on users and roles in the respective clients and system rails. The SAP standard report RSUSR008_009_NEW is suitable for this purpose. You must first create corresponding check variants and authorization values for critical authorizations or combinations either using the program itself or transaction SU_VCUSRVARCOM_CHAN. These then correspond to your internal and external security guidelines. You can then run the report with your respective check scope and the corresponding critical authorization or combination variant and check in which roles or users such violations exist. This serves to protect your entire IT system landscape and should be carried out periodically.

SAP NetWeaver 7.31 introduces a new method for determining affected applications and roles by timestamping (see tip 45, "Using the timestamp in the transaction SU25"). With the Support Package 12 for NetWeaver Release 7.31 and Support Package 4 for NetWeaver Release 7.40 from SAP Note 1896191, the Expert Mode function for taking SU22 data for step 2 has been added.
Ensuring secure administration
Do you want to customise the settings for the Session Manager, Profile Generator and User Care? Use the parameters in the customising tables SSM_CID, SSM_CUST, SSM_COL, PRGN_CUST and USR_CUST. Here we show you the settings for the Session Manager, the Profile Generator or the User Care. How do I merge the user menu from different roles or disable it altogether? How can the generated passwords be adapted to your needs? How can you automatically perform user master matching after role assignments via the PFCG transaction? And how can you prevent assignments from being transported from users to roles? We'll show you how to make these settings.

For accesses by verifier users (from the table TPCUSERN), the selection parameters of the invoked transaction are logged in the application log and can be evaluated with the report CA_TAXLOG. In the example, the single ledger entry for the vendor account 100000 was invoked.

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

If you want to get more information about SAP basis, visit the website www.sap-corner.de.


To do this, create a new view in the SE11 transaction and add the table to which the constraint will apply on the Tables/Join Conditions tab.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.


In addition, there is the challenge of limiting access to the audited financial years.
Zurück zum Seiteninhalt