PROGRAM START IN BATCH
Mitigating GRC risks for SAP systems
A note on the underlying USKRIA table: This table is independent of the client. For this reason, you cannot maintain this table in systems that are locked against cross-client customising. In this case, you should create a transport order in the development system and transport the table to the production system.
We would like to point out that after defining and implementing a authorization object, you should no longer change the permission field list, as this will cause inconsistencies. Once you have determined that you want to add more fields to your check, assign your authorization object to the AAAA object class and create a new authorization object.
RSUSRAUTH
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar. First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
In our example, you will see changes that have occurred in the SCUA transaction, such as creating a model view and adding subsidiary systems, changes made in the SCUG transaction, such as the user adoption, and changes to the distribution parameters in the SCUM transaction.