SAP S/4HANA® migration audit
RSUSR003
The Security Audit Log now also logs events where the runtime was affected by the debugger. New message types have also been defined in this context. To install this extension, you will need a kernel patch. For the fixes and an overview of the required support packages, see SAP Notes 1411741 and 1465495.
Various activities, such as changes to content or the assignment of roles, are made traceable via change documents. This authorization should only be assigned to an emergency user.
CONCLUSION
In addition to these requirements, other settings can ensure that the transaction can be performed without verification: Verification of eligibility objects is disabled by check marks (in transaction SU24). This is not possible for SAP NetWeaver and SAP ERP HCM authorization objects, i.e. it does not apply to S_TCODE checking. The checks for specific authorization objects can be globally off for all transactions (in transaction SU24 or SU25). This is only possible if the profile parameter AUTH/NO_CHECK_IN_SOME_CASES is Y. In addition, executable transactions may also result from the assignment of a reference user; the reference user's executable transactions are also taken into account.
After creating a authorization object, you should do the following: Make the permission check implementation at a convenient location in your code. Maintain the proposed values for the application in the transaction SU24. Re-load the role in the PFCG transaction if the application has already been rolled. If it is a new application, adjust the roles by including the new application in the Role menu, and then maintaining the permissions of the authorization objects loaded into the role by the suggestion values.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Thus, after evaluation, you can select all SAP hints with the status to implement and load directly into the Note Assistant (transaction SNOTE) of the connected system.
These can refer to all fields in the FAGLPOSX structure.