Manual authorizations
Deletion of change documents
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
It is very important that critical authorizations are generally subject to a monitoring process in order to be able to ensure that they are assigned in a productive system in a very restricted manner or not at all. Law-critical authorizations in particular, such as deleting all change documents, debugging ABAP programs with Replace, and deleting version histories, must never be assigned in a production system, as these authorizations can be used to violate the erasure ban, among other things. It must therefore be ensured that these authorizations have not been assigned to any user, not even to SAP® base administrators.
Goal of an authorization concept
The security audit log is evaluated via the SM20 or SM20N transaction or the RSAU_SELECT_EVENTS report. We recommend using the report as you have more options to personalise the evaluation and to include archived logs of different application servers in the evaluation.
Any deviation from the defined process must be fully documented and justified. This is because it is precisely deviations from the standard case that are of great interest to an auditor, as the auditor must determine whether a deviation could have an impact on the correctness of the data.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Delete a transaction from a test role and remix that role.
Basic information about Current Settings is provided in SAP Notes 135028 and 356483.