System Users
Change documents
Which users have a specific role (PFCG)? To answer this question you start with the transaction PFCG - the mother of all transactions in the environment of SAP roles and authorizations. Select a role and click on the "Users" tab.
Use the RSUSR003 standard report (or RSUSR003 transaction) to validate the default users for initial passwords and ensure the security policies associated with those users. You can define and use your own layout on the home page. After the report is executed, you will be presented with an overview of the existing standard users in the different companies. This includes the password status, a lock flag, the reasons for the lock, the number of false logins, the user validity periods and the security policies associated with the users. The security policy appears to help you understand whether these users are subject to special login or password rules.
Important components in the authorization concept
The Three Lines of Defense model is used to systematically approach risks that may arise in companies. It integrates operational controls as well as risk management, information security, and internal auditing. It can be used to assess and classify the risks arising from SAP authorizations. The monitoring of risks is incorporated into the processes, so that there is constant control by various bodies. This reduces the risks considerably and ensures a clean authorization assignment.
The IF_IDENTITY interface of the CL_IDENTITY class provides various methods for maintaining the fields of the user master record. As a template for the implementation of the BAdIs, you can use the CL_EXM_IM_IDENTITY_SU01_CREATE implementation example, which automatically populates the SU01 transaction's surname, space number, phone, email address, user group, billing number, and cost centre fields. This example implementation does not provide an external data source; the user name is set as the last name and fixed values are used for the other fields. At this point, you must complete the implementation, depending on your requirements. There are several possible data sources for the user master data that you can access from the BAdI.
Authorizations can also be assigned via "Shortcut for SAP systems".
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
In the Permissions Comparison column, you can find out what exactly changed on the permission, such as whether a permission has been deleted or added anew, or whether the field values in the permission have been updated.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
This report documents the current status of the Client and System Modification Settings in an overview, which you can also print out for evaluation if required.