Evaluation of the authorization check SU53
Security within the development system
You can customize the AIS cockpit to your needs. To do so, use the Customizing settings, which you can also reach in transaction SAIS via the Administration of the audit environment button. Select Configure Audit Cockpit to define a default audit structure, the maximum line length for log entries, and the number of log entries per audit step.
This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure. This ensures the quality of authorizations in the long term. Authorizations in SAP systems enable users to access the applications relevant to their activities. To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.
The Anatomy of SAP Authorization or Documentation on SAP Authorization Objects and Authorization Field Values
Of course, these objects can be adapted to the requirements of a company at any time. If a new program is required in the namespace of a company, the programmer decides which authorization objects should be checked in this program. If the standard objects do not meet the desired requirements, the programmer can create his own authorization objects that contain the required authorization fields.
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when responsibilities for SAP SuccessFactors change on the customer side or when different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a GDPR violation and lead to a fine for the company.
If authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
To prevent this, an authorization concept must be in place that describes how authorizations are to be created and assigned to users.
SAP NetWeaver 7.31 introduces a new method for determining affected applications and roles by timestamping (see tip 45, "Using the timestamp in the transaction SU25").