What to do when the auditor comes - Part 1: Processes and documentation
RSUSR008_009_NEW
Every SAP system (ERP) must be migrated to SAP S/4HANA® in the next few years. This technical migration should definitely be audited by an internal or external auditor.
You have encountered a role that contains manually maintained organizational levels. Even if you correct the error in the role by deleting the manually maintained organizational level value in the authorization object, the value in question is still not drawn from the organizational level. The AGR_RESET_ORG_LEVELS report allows you to reset these values for the role. The manually maintained organizational data is deleted, and only the values that have been maintained via the Organizational levels button are drawn.
In transaction SU10, select users by their logon data.
Implement SAP Note 1433352 in your system. This note delivers the RSAUDIT_SYSTEM_STATUS report. The report documents the current status of the client and system modification settings in an overview, which you can also print out for evaluation if required. The advantage of this report is that only display authorizations are required to execute it.
Incorrectly configured interfaces are one way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there. In principle, because of the criticality of the target systems, interfaces within a transport landscape that run "uphill", i.e. from an "unsafe" to a "safe" system (e.g. E system to Q or P system), should be avoided. However, this cannot always be implemented; for example, such interfaces are needed within the transport system. Without going too deeply into the subject, critical interfaces can be characterized by the following properties: they refer to a critical system and a critical client, they contain an interface user with critical authorizations in the target client, and they contain that user's stored password.
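The three properties above can be checked mechanically against an interface inventory. The following is an added example, not code from the original page or from SAP: the CSV column names, the critical target clients, the role name Z_IF_ADMIN and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io

# Assumed landscape tiers from the page's E -> Q -> P example (higher = "safer").
TIER = {"E": 0, "Q": 1, "P": 2}
# Assumptions: which (system, client) targets and which profiles/roles count
# as critical. Z_IF_ADMIN is a hypothetical role name.
CRITICAL_TARGETS = {("Q", "200"), ("P", "100")}
CRITICAL_AUTHS = {"SAP_ALL", "Z_IF_ADMIN"}

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """\
interface,source,target,target_client,user,user_auths,password_stored
TMS_E_TO_P,E,P,100,IF_TMS,Z_TMS_MIN,yes
ZBATCH_E_TO_P,E,P,100,IF_BATCH,SAP_ALL;Z_TMS_MIN,yes
ZREPORT_E_TO_Q,E,Q,200,IF_REPORT,Z_IF_ADMIN,no
ZPUSH_P_TO_E,P,E,100,IF_PUSH,SAP_ALL,yes
"""

def assess(row):
    """Check one interface against the three properties and its direction."""
    auths = set(filter(None, row["user_auths"].split(";")))
    props = {
        "critical_target": (row["target"], row["target_client"]) in CRITICAL_TARGETS,
        "critical_auths": bool(auths & CRITICAL_AUTHS),
        "stored_password": row["password_stored"].strip().lower() == "yes",
    }
    return {
        "interface": row["interface"],
        # "Uphill" means the source sits on a lower tier than the target.
        "uphill": TIER[row["source"]] < TIER[row["target"]],
        "matched": sorted(name for name, hit in props.items() if hit),
        # Critical only when all three properties hold at once.
        "critical": all(props.values()),
    }

def review(inventory_csv):
    """Assess every interface listed in the CSV text."""
    return [assess(r) for r in csv.DictReader(io.StringIO(inventory_csv))]

if __name__ == "__main__":
    for f in review(SAMPLE_INVENTORY):
        status = "CRITICAL" if f["critical"] else "review" if f["matched"] else "ok"
        direction = "uphill" if f["uphill"] else "not uphill"
        print(f'{f["interface"]:<16} {status:<9} {direction:<11} {", ".join(f["matched"])}')
```

Interfaces that match only some properties are still listed for review, since removing the stored password or reducing the interface user's authorizations is what takes an unavoidable uphill interface out of the critical category.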
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
You can prepare maintenance work in good time.
You will see some messages from the PFCG version in the status bar at the bottom, and at the end you will get a summary of success (or of failure if there were errors).