Unclear objectives and lack of definition of own security standards
Statistical data of other users
You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.
Starting with SAP NetWeaver 7.31, the Security Audit Log enables the complete display of longer event parameters in messages. To do this, the maximum storage space for variables in messages has been increased to 2 GB. To play this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1819317.
Compare Role Upgrade Permissions Values
You can greatly facilitate the maintenance of permissions in controlling by defining the RESPAREA field as the organisational level, and thus using your cost centre and profit centre hierarchies. In the SAP system, you can define cost centre hierarchies and profit centre hierarchies. For example, they can map the expiration organisation or a matrix organisation in your company. To facilitate the mapping of permissions for the controlling reports, you can grant permissions to nodes in those hierarchies. You can do this by assigning permissions through the RESPAREA field, which is used in certain authorization objects in the controlling. We would like to facilitate the creation of roles for these permissions by explaining to you which activities are necessary in advance to define the RESPAREA field as an organisational level.
SAP Note 1707841 ships an extension to the system trace in the STAUTHTRACE transaction, which enables the permission trace to be used on all or on specific application servers. To select the application servers on which to start the trace, click the System Trace button. Now select the application servers in the list on which you want to run the system trace and start the trace with a click on Trace. In the evaluation of the Permission trace, an additional column named Server Name appears, showing you the name of the application server on which the respective permission checks were logged.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
For the Internet release of reports, it is necessary that an authorization group has been maintained for the respective report.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
Particularly in the banking environment, there are very strict guidelines for the permissions of background jobs used for monthly and quarterly financial statements, etc.