AUTHORIZATIONS FOR BATCH PROCESSING IN THE SAP NETWEAVER AND S/4HANA ENVIRONMENT
SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
If you do not encrypt communication between the client and the application servers, it is surprisingly easy for a third party to catch the username and password. Therefore, make sure you encrypt this interface! There is often uncertainty as to whether the password in SAP systems is encrypted by default and whether there is encryption during communication between the client and application servers by default. This ignorance can lead to fatal security vulnerabilities in your system landscape. We would therefore like to explain at this point how you can secure the passwords in your system and protect yourself against a pick-up of the passwords during transmission.
No matter what the reason, it is quickly said that a new authorization concept is needed. But this is not always the case. And if it is, the question is which authorization concept in SAP HCM is the right one. Yes, exactly which concept, because in SAP HCM there are three ways to implement an authorization concept.
How to analyze roles and authorizations in the SAP system
Every large company has to face and implement the growing legal requirements. If the use of an authorization concept is to be fully successful on this scale, the use of an authorization tool is unavoidable. For medium-sized companies, the use of an authorization tool is usually also worthwhile. However, decisions should be made on a case-by-case basis.
The chapter on authorization recertification should also be defined in the authorization concept, which is documented in writing. This refers to a regular review of the assigned authorizations in the SAP® system, to be performed at least once a year. In the course of this process, the responsible departments should review the assignment of the respective roles to users in their area and critically scrutinize it once again. This process ultimately ensures that users only have the authorizations in the SAP® system that they actually need. It must therefore be defined in which time period and in which form the departments must receive the information about the assigned authorizations and report back regarding the correctness of the assignment. During preparation, it is therefore necessary to check whether the process has been carried out in accordance with the internal specifications, but also in accordance with possible suggestions for optimization made by the auditor, and whether all the evidence is stored ready to hand for the auditor.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The AIS has thus been switched from the previous role concept to thematic audit structures and offers new functions, such as logging all audit activities.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
For this purpose, the user buffer of the reference user is also created at login and these entries are also checked during permission checks of the inheriting user.