Immediate authorization check - SU53
Use AGS Security Services
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
From release 10.1, SAP Access Control supports the creation of users and the assignment of roles and privileges in HANA databases. If you use the concept of business roles in SAP Access Control, you can achieve an automatic installation of the users in SAP NetWeaver AS ABAP and HANA database and the assignment of the ABAP and HANA technical roles (or privileges) when assigning a business role.
Use system recommendations to introduce security
We are often asked how permissions are properly assigned to schedule background jobs and manage those jobs. Just follow the guidelines below. Whenever you want programmes to run periodically at specific times without user interaction, or when their runtime should not interfere with normal dialogue operations, schedule them as batch jobs in the background. The scheduling and editing of batch jobs is regulated by permissions, which are often not clear about their use. We therefore explain to you what permissions are necessary for and which authorization objects are important.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Deleting Expired PFCG Scrolls - If you uncheck Expired Mappings, Expired Scrolls will be removed from the user's root.