Controlling file access permissions
Even if key users (department users/application support) do not have to develop their own authorization objects and cooperation with SAP Basis is always advantageous, there are often technical questions such as "Which users have authorization to evaluate a specific cost center or internal order?
The SAP Code Vulnerability Analyser can be used to scan both custom on-premise and on-demand applications programmed in ABAP. The SAP Code Vulnerability Analyser is included with SAP NetWeaver AS ABAP 7.02; an installation is not necessary. For details on the relevant support packages, please refer to SAP Notes 1921820 and 1841643. You do not need additional servers or additional administration. You can activate the SAP Code Vulnerability Analyser with the RSLIN_SEC_LICENSE_SETUP report, but you have to pay additional royalties for it.
Here, too, it is possible to create security and an overview with the help of tools for HR authorizations. The tool creates a clear overview of which data certain users are allowed to access in the SAP system. Based on this, it is possible to develop automatic checks that run in the background and regularly monitor whether changes to authorizations have created critical gaps in HR.
You can use authorization objects to restrict access to tables or their content through transactions, such as SE16 or SM30. The S_TABU_DIS authorization object allows you to grant access to tables associated with specific table permission groups. You can view, maintain, and assign table permission groups in transaction SE54 (see Tip 55, "Maintain table permission groups"). For example, if an administrator should have access to user management tables, check the permission status using the SE54 transaction. You will notice that all the user management tables are assigned to the SC table permission group.
In addition to SAP standard software, do you also use custom ABAP programmes? Learn how the SAP Code Vulnerability Analyser can scan your customer code for potential security vulnerabilities and resolve them if necessary. Permission concepts, firewalls, anti-virus and encryption programmes alone are not enough to protect your IT infrastructure and IT systems against internal and external attacks and misuse. Some of the risks are identified by potential security vulnerabilities in the ABAP code, most of which cannot be addressed by downstream measures and therefore need to be addressed in the code itself. It should also be noted that the permission concepts used can be circumvented by ABAP code, which underlines the weight of security vulnerabilities in the ABAP code. While SAP is responsible for providing security information to help close security vulnerabilities in standard code, it is up to you to address security vulnerabilities in custom ABAP programmes. Companies are subject to a whole range of legal requirements on data protection and data integrity, and you can fulfil them as far as possible with the help of a new tool. The SAP Code Vulnerability Analyser is integrated into the ABAP Test Cockpit (ATC) and thus available in all ABAP editors such as SE80, SE38, SE24, etc. Developers can use it to scan their code for vulnerabilities during programming and before releasing their tasks. This reduces testing costs and costs.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
In addition, uniform naming conventions should be used because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
This allows you to review the history of the audit results at a later stage or to view only the results of the last audit.