System Security
Communication User
The Security Audit Log now also logs events where the runtime was affected by the debugger. New message types have also been defined in this context. To install this extension, you will need a kernel patch. For the fixes and an overview of the required support packages, see SAP Notes 1411741 and 1465495.
Define explicit code-level permission checks whenever you start transactions from ABAP programmes or access critical functions or data. This is the easiest and most effective defence to protect your business applications from misuse, because programming-level permission checks can ensure two things: Incomplete or incorrect validation of the executed transaction start permissions will result in compliance violations. Complex permission checks can also be performed adequately for the parameterized use of CALL TRANSACTION.
Debug ABAP programs with Replace
A user is displayed in the results list if one of the two transactions with the corresponding expression is included in its corresponding permission profile. If the logical link were fully linked to OR, a corresponding user would appear in the results list if only one of the four permissions is in the user's master set and thus in the permission profile.
Versions are the change documents within the development environment, for example, for changes to ABAP source code or the technical properties of tables. This authorization should only be assigned to an emergency user.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
This should list which regulatory requirements the respective SAP system must fulfill and the associated authorization concept must take into account.
There are several possible data sources for the user master data that you can access from the BAdI.