Maintain transaction start permissions on call CALL TRANSACTION
Prevent excessive permissions on HR reporting
SAP authorizations are a security-critical and thus an immensely important topic in companies. They are used not only to control the access options of users in the SAP system, but also the external and internal security of company data depends directly on the authorizations set.
You can view the change documents of the permission proposal maintenance using the report SU2X_SHOW_HISTORY (available with the support package named in the SAPHinweis 1448611). If the note is not implemented, use the USOBT_CD and USOBX_CD tables. We recommend that you run the SU24_AUTO_REPAIR correction report regularly. This report cleans up inconsistencies and adds missing modification flags in the transaction SU24 data that may turn up as errors when the transaction SU25 is executed. Read SAP Note 1539556 for this. Modification flags are added to the records in transaction SU24, if they have been modified by you. You can see these flags in the USOBT_C and USOBX_C tables.
Use SU22 and SU24 transactions correctly
WF-BATCH: The WF-BATCH user is used for background processing in SAP Business Workflow and is created automatically when customising workflows. WF-BATCH is often associated with the SAP_ALL profile because the exact requirements for the permissions depend on the user's usage. The password of the user can be set and synchronised via the transaction SWU3. Safeguard measures: After automatic generation, change the user's password and assign it to the SUPER user group.
The audit result lists the vulnerabilities by priority, with a high priority combined with a high hit safety of a finding and a low priority combined with low hit safety. In addition, more information is available within the ABAP editor at each location. This priority indicator helps you to identify whether a false positive or an actual security problem is present. Priorities 1 and 2 are very likely to be a genuine reference. The tool provides recommendations on how to modify the source code to correct the vulnerabilities. In addition to the individual checks for individual developers, the tool also offers mass checks, for example to check an entire application for vulnerabilities in one step.
Authorizations can also be assigned via "Shortcut for SAP systems".
In the basic data for the year, you then define which hierarchies should be used per fiscal year.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
To access the system recommendations, you must have permission for the SM_FUNCS object (ACTVT = 03; SM_APPL = SYSTEM_ REC; SM_FUNC =
, such as SECURITY).