Authorization concept - user administration process
Data ownership concept
Every large company has to face and implement the growing legal requirements. If the use of an authorization concept is to be fully successful on this scale, the use of an authorization tool is unavoidable. For medium-sized companies, the use of an authorization tool is usually also worthwhile. However, decisions should be made on a case-by-case basis.
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data. This data can be displayed using transaction ST03N, for example. Access authorizations to the two types of data mentioned above should be assigned only very restrictively.
User Information System SUIM
Once you have archived the change documents from the User and Permission Management, you can use a logical index for change document properties to significantly improve performance. First, however, you must ensure that SAP Notes 1648187 and 1704771 are installed in your systems. These notes provide the SUIM_CTRL_CHG_IDX report, which adds key characteristics for change document characteristics of the PFCG and IDENTITY object classes to the SUIM_CHG_IDX table when you have marked the Indices key change documents field. All change documents are indexed (this can lead to a very long run time when the report is first run). Later, the newly added change documents are indexed regularly (e.g. weekly or monthly). To do this, specify the target date in the selection of the report and schedule it as a regular job. Note that you can only create the index until the previous day - otherwise inconsistencies may occur.
Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
Authorizations can also be assigned via "Shortcut for SAP systems".
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
The necessary function blocks are identified in the UCON Phase Tool (transaction UCONPHTL), which constantly monitors all external RFC calls and supports an introduction of the UCON Communication Assembly.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
In this case, all reverse-loaded change documents shall be taken into account.