SAP Authorizations Structural authorizations - SAP Stuff

Structural authorizations
Maintain authorization objects more easily
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system. Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.

Implementing SAP Note 1416085 removes the S_RFCACL authorization object from the SAP_ALL profile. This note is included in all newer support packages for the Basis component; it affects all systems down to Basis release 4.6C. The reason for this change is that the S_RFCACL authorization object, and especially the "total permission" value (*) for its fields RFC_SYSID, RFC_CLIENT and RFC_USER, is classified as particularly critical. These fields define from which systems and clients, or for which user IDs, applications should be allowed on the target system. Total permission for these fields therefore allows login from any system and client, or for any user, and thus creates significant security risks.
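The check below is an added example, not code from this page or from SAP: it reviews role authorization values for S_RFCACL and reports which of the three critical fields carry the value `*`. It assumes the role data was exported as CSV in the column layout of table AGR_1251; the role names, authorization instance IDs and the helper names `audit_s_rfcacl` and `classify` are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# The three fields the text names as critical when set to "*".
CRITICAL_FIELDS = ("RFC_SYSID", "RFC_CLIENT", "RFC_USER")

# Constructed sample export (assumed layout: AGR_1251 columns).
SAMPLE_EXPORT = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_RFC_TRUST_ALL,S_RFCACL,T_00000100,RFC_SYSID,*,
Z_RFC_TRUST_ALL,S_RFCACL,T_00000100,RFC_CLIENT,*,
Z_RFC_TRUST_ALL,S_RFCACL,T_00000100,RFC_USER,*,
Z_RFC_FROM_PRD,S_RFCACL,T_00000200,RFC_SYSID,PRD,
Z_RFC_FROM_PRD,S_RFCACL,T_00000200,RFC_CLIENT,100,
Z_RFC_FROM_PRD,S_RFCACL,T_00000200,RFC_USER,BATCH_RFC,
Z_RFC_MIXED,S_RFCACL,T_00000300,RFC_SYSID,QAS,
Z_RFC_MIXED,S_RFCACL,T_00000300,RFC_SYSID,*,
Z_RFC_MIXED,S_RFCACL,T_00000300,RFC_CLIENT,200,
Z_RFC_MIXED,S_RFCACL,T_00000300,RFC_USER,BATCH_RFC,
Z_DISPLAY,S_TCODE,T_00000400,TCD,*,
"""

def audit_s_rfcacl(export_text):
    """Map (role, authorization instance) -> critical fields holding '*'."""
    wildcards = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["OBJECT"] != "S_RFCACL" or row["FIELD"] not in CRITICAL_FIELDS:
            continue
        # Touch the key so instances without any wildcard are listed too.
        found = wildcards[(row["AGR_NAME"], row["AUTH"])]
        # A field can have several value rows; one "*" row is enough.
        if row["LOW"].strip() == "*":
            found.add(row["FIELD"])
    return {key: sorted(fields) for key, fields in wildcards.items()}

def classify(fields):
    """FULL: '*' in all three fields; PARTIAL: in some; OK: in none."""
    if len(fields) == len(CRITICAL_FIELDS):
        return "FULL"
    return "PARTIAL" if fields else "OK"

if __name__ == "__main__":
    for (role, auth), fields in sorted(audit_s_rfcacl(SAMPLE_EXPORT).items()):
        print(f"{role:18} {auth} {classify(fields):8} {', '.join(fields)}")
```
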
RSRFCCHK
Assigning clear authorizations to employees is not a sign of mistrust, but offers a high level of protection - both for the company and for the employees themselves. By assigning SAP authorizations on a role-specific basis, each employee is given access to the system according to his or her task.

Authorizations can also be assigned via "Shortcut for SAP systems".

You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".

Dialogue users are intended for use by natural persons who log in to the SAP system via SAP GUI (dialogue login).
