SU2X_CHECK_CONSISTENCY & SU24_AUTO_REPAIR
General considerations
Transactions: Transactions in the audit structure start the necessary evaluations for the audit. You can recognise transactions by the clock symbol ( ). Double-clicking on the icon opens the transaction in a new window and allows you to start the evaluation. In addition, the SAIS transaction log entries for this audit activity are displayed in the upper right pane of the display. These include the current date of execution, the verifier's user ID, a check status that you assign yourself, a weighting, and a justification for the check status that you also enter into a text box. Below is an overview of the audit activities performed so far, also with a time stamp, the user ID of the verifier, the weighting of the status of the audit activity and a justification. In order not to manipulate the scanning activities, it is not possible to modify data stored once.
You can do without taking obsolete profile data into account by adding the correction from SAP Note 1819126 and then setting the REC_OBSOLETE_AUTHS customising switch to NO in the table PRGN_CUST. This correction is also important because it fixes runtime problems when releasing role transports, resulting from the correction in SAP Note 1614407. As a general rule, you should always run bulk transport sharing in the background.
Permissions with Maintenance Status Changed or Manual
Standard users such as SAP* or DDIC should also be implemented correctly in accordance with the authorization concept or SAP's recommendations. An important preparatory action here is to check whether the passwords have been changed for all standard users.
To establish an efficient and consistent structure in the area of SAP authorization management, function-related role and authorization assignments are the be-all and end-all. In addition, the existing authorization concept must be constantly analyzed for changes and security-relevant errors through proactive monitoring. This prevents negative and highly security-critical effects on your entire system landscape. To make this task easier for you, Xiting provides you with a comprehensive analysis tool, the Xiting Role Profiler. In addition, you can perform a basic analysis in advance, which will also be the main focus of this blog. The goal is to show you SAP standard methods with which you can already independently optimize your authorization and role administration.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
Roles reflect access to data depending on the legitimate organisational values.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
Because there is hardly anything more boring, at the latest after one hour the first errors creep in.