System trace function ST01
Customise SAP_ALL Profile Contents
For an overview of the active values of your security policy, click the Effective button. Note that not only the attributes you have changed are active, but also the suggestion values you have not changed.
After all authorizations are maintained, the role must be saved and generated and a user comparison must be performed. However, this should not be a topic here in the article. This can also be done with the transaction PFUD (see comments to the article "SAP BC: Empty user buffer" :-).
Structural authorizations
Define critical permission combinations that cannot be assigned in the monitored systems. A whitelist allows you to specify which users (such as emergency users) you want to exclude from the evaluation. Identify vulnerabilities in the configuration of your RFC interfaces, i.e. RFC connections, where users with extensive permissions (e.g., the SAP_ALL profile) are registered. These RFC connections can be used for the so-called RFC-Hopping, where access to an SAP system is made via such an extensively authorised RFC connection.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
Look closely at the security advisory so that you can identify the affected programmes or functions and schedule appropriate application tests.