Reset passwords using self service
Define S_RFC permissions using usage data
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system. Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.
The report RSUSR008_009_NEW (List of users with critical permissions) is provided starting with SAP Web Application Server 6.20 with the following support packages: Release 6.20, starting with SAPKB62039 Release 6.40, starting with SAPKB64003 You can continue using the old reports RSUSR008 and RSUSR009 until release 6.40. The RSUSR008_009_NEW report is delivered with the old SAI proposals for critical credentials already used in the RSUSR009 report.
Maintain table permission groups
With the SAP NetWeaver 7.03 and 7.30 releases, Web Dynpro ABAP applications (as well as other Web Dynpro ABAP functions, see SAP Note 1413011) have been tested for permission to launch such applications. The authorization object that controls this startup permission is S_START. This authorization object is used in the same way as the S_TCODE authorization object.
You must set up a message class for later use. To do this, you will be prompted automatically when the transaction GGB0 is first called. If some relevant fields of the complete document are hidden, i.e. not available, please refer to the instructions in the SAPHinweis 413956. Set up validation in the GGB0 transaction (such as GALILEO) and determine the steps of validation. In the validation process, copy the RGGBR000 programme into your Customer Name Room, replacing the last three characters with the number of the client in which the validation will be performed. Then assign your new customer-owned programme with the GCX2 transaction to the GBLR user exit control workspace. This assignment has created the prerequisite for client-dependent user exits. If you want to set up a client-independent user exit, do the same, but use the transaction GCX1.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
Native or analytical tiles: These tiles work exclusively in the FIORI interface and are adapted to the new technology.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system.