Emergency user concept
Dialogue user
You can also monitor security alerts from the Security Audit Log via the Alert Monitoring of your Computing Centre Management System (CCMS). The security warnings generated correspond to the audit classes of the events defined in the Security Audit Log. Many companies also have the requirement to present the events of the Security Audit Log in other applications. This requires evaluation by external programmes, which can be done via the XML Metadata Interchange (XMI) BAPIs. You must follow the XMI interface documentation to configure it. You can also use the RSAU_READ_AUDITLOG_ EXTERNAL sample programme as a template. A description of this programme can be found in SAP Note 539404.
Make sure that reference users are assigned minimal permissions to avoid overreaching dialogue user permissions. There should be no reference users with permissions that are similar to the SAP_ALL profile.
Application Permissions
Look closely at the security advisory so that you can identify the affected programmes or functions and schedule appropriate application tests. Use a test implementation in the SNOTE transaction to identify additional SAP hints that are required for a security advisory and may also contain functional changes.
A user reports that he or she is receiving a permission error even though you have granted him or her the required permissions. This could be due to a faulty buffering of the permission data. Although a user has been assigned a role with the correct permission data, this user is presented with a permission error due to missing permissions. This may be surprising at first glance, but it can almost always be fixed by a short analysis.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can run the report for users, roles, profiles, and permissions as described above.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
One is the transactional tiles and the other is the native or analytical tiles :