Maintain generated profile names in complex system landscapes
What are the advantages of SAP authorizations?
Our example role MODELING makes it clear that it is possible to assign different types of privilege to a role. The SAP HANA Studio shows you in the administration interface which user (the so-called grantor) has assigned the respective privilege to this role (granted). By filtering and sorting, you can optimise the appearance of the role content. Depending on the type of privilege, you will be presented with the appropriate details by selecting an entry.
It is very important that critical authorizations are generally subject to a monitoring process in order to be able to ensure that they are assigned in a productive system in a very restricted manner or not at all. Law-critical authorizations in particular, such as deleting all change documents, debugging ABAP programs with Replace, and deleting version histories, must never be assigned in a production system, as these authorizations can be used to violate the erasure ban, among other things. It must therefore be ensured that these authorizations have not been assigned to any user, not even to SAP® base administrators.
Handle the default users and their initial passwords
Many tools that offer to simplify care operations of the transaction PFCG work Excel-based. The complete roll data is stored and processed in Excel. Then the Excel file is uploaded with a special programme and generates roles and role changes. While this all looks very comfortable (and probably is at first), it has its drawbacks in the long run.
Confidential information from your SAP system can also be sent by email. Make sure that this data is only transmitted encrypted. Your SAP system contains a lot of data, which is often confidential. This can be business-critical or personal data or even passwords. It happens again and again that such data must also be sent by e-mail. Therefore, make sure that this information is always encrypted and signed if necessary. Encryption is intended to ensure the confidentiality of the data, i.e. that only the recipient of the e-mail should be able to read it. The digital signature serves the integrity of the data; the sender of an e-mail can be verified. We present the configuration steps required for encryption and provide examples of how to encrypt the sending of initial passwords. There are two ways to encrypt and sign emails in the SAP system: via SAPconnect, via a secure third-party email proxy.
Authorizations can also be assigned via "Shortcut for SAP systems".
Generated authorization profile - Generated in the role administration from the role data.
Now assign the identifier of the created critical permission to the variant.