Use SAP Code Vulnerability Analyser
In the transaction, select SU10 by login data of users
The object S_PROGRAM checks since SAP Release 2.x for the field TRDIR-SECU i.e. the authorization group of the program. As of Release 7.40, you can optionally switch on a check for the object S_PROGNAM. For more information, see note 2272827 for further instructions. The check on S_PROGNAM MUST first be activated in the customer system. Note, however, that they CORRECTLY authorize S_PROGNAM before doing so, otherwise NOBODY except emergency users will be able to start any report or report transaction after the SACF scenario is activated.
Do you need to integrate the S_TABU_NAM authorization object into your existing permission concept? In this tip, we show you the steps that are necessary to do this - from maintaining the suggestion values to an overview of the eligible tables. You have added the S_TABU_NAM authorization object to your permission concept, so that users can access the tables not only through the S_TABU_DIS authorization object, but also through S_TABU_NAM. This directly regulates access to the tables via table permission groups or, if access is not allowed through table permission groups, via the table permission (see Tip 73, "Use table editing authorization objects"). Do you want to identify the tables or created parameter transactions that allow access to only specific tables to maintain SU24 for these suggested values in the transaction? This makes it easier to maintain PFCG roles. Furthermore, a tool would be useful to give you an overview of the tables for which a user is entitled.
Security Automation for HR Authorizations
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
In addition, we strongly advise you to send the emails encrypted with the initial passwords.