Critical authorization objects in SAP

Let's have a look at some of the critical authorization objects in SAP. From an audit perspective, special care must be taken when assigning full access ‘*’ to any field value.

  • S_PROGRAM – All critical programs and reports should be linked with proper authorization groups. Appropriate action should be maintained for this object.
  • S_TABU_DIS – Caution should be taken while maintaining change access for this object.
  • S_TABU_CLI – Access to this object should be strictly restricted.
  • S_TCODE – Make sure that this authorization object does not give ‘*’ access or access to big ranges using wildcards on the TCD field.
  • S_DEBUG – Should be assigned with caution. Make sure not to give the change – debug access in production.
  • S_RZL_ADM – For R/3 System administration using the CCMS. This should only be required by Basis.
  • S_ADMI_FCD – For checking access to some Basis functions, like spool administration and monitoring. Normally for Basis Team only.
  • S_BTCH_ADM – For processing background jobs. Only needed by Basis or Background admin.
  • S_BDC_MONI – For batch input management and monitoring. Can be assigned to the Functional Team when they upload data using LSMW.
  • S_CTS_ADMI – For administration functions in the Change and Transport System. Only to Basis.
  • S_LOG_COM – For executing external operating system commands – Only to Basis.
  • S_TRANSPRT – For transport organizer – Only to Basis.
  • S_DATASET – For accessing files from ABAP/4 programs. ABAP Program name and File Path should be maintained with caution.
  • S_USER_* – This should be maintained very carefully. Make sure to give display access (activity 03) only. For Security Team.
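
The checks in the list above, run over an exported role definition, as an added example that is not part of the original post. The CSV column layout (AGR_NAME, OBJECT, FIELD, LOW, HIGH, modelled on a role authorization export such as table AGR_1251), the role names and every sample row are constructed assumptions.

```python
import csv, io
from fnmatch import fnmatch

# Objects named in the list above; S_USER_* is matched as a pattern.
CRITICAL = ["S_PROGRAM", "S_TABU_DIS", "S_TABU_CLI", "S_TCODE", "S_DEBUG",
            "S_RZL_ADM", "S_ADMI_FCD", "S_BTCH_ADM", "S_BDC_MONI", "S_CTS_ADMI",
            "S_LOG_COM", "S_TRANSPRT", "S_DATASET", "S_USER_*"]

# Constructed sample rows; the column layout is an assumption (see lead-in).
SAMPLE = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_FI_CLERK,S_TCODE,TCD,FB03,
Z_FI_CLERK,S_TABU_DIS,ACTVT,03,
Z_SUPPORT,S_TCODE,TCD,S*,
Z_SUPPORT,S_TCODE,TCD,AA00,ZZ99
Z_SUPPORT,S_DATASET,FILENAME,*,
Z_HELPDESK,S_USER_GRP,ACTVT,03,
Z_HELPDESK,S_USER_GRP,ACTVT,02,
Z_SALES,V_VBAK_VKO,VKORG,*,
"""

def audit(rows):
    """Return (role, object, field, reason) tuples for values the list warns about."""
    findings = []
    for r in rows:
        obj, field = r["OBJECT"], r["FIELD"]
        low, high = r["LOW"].strip(), r["HIGH"].strip()
        if not any(fnmatch(obj, pat) for pat in CRITICAL):
            continue  # not one of the objects covered by the list
        if low == "*":
            reason = "full access '*'"
        elif obj == "S_TCODE" and field == "TCD" and ("*" in low or high):
            reason = "wildcard or range on TCD"
        elif obj.startswith("S_USER_") and field == "ACTVT" and low != "03":
            reason = "activity other than display (03)"
        else:
            continue
        findings.append((r["AGR_NAME"], obj, field, reason))
    return findings

def audit_csv(text):
    """Parse CSV text with the assumed header row and audit every line."""
    return audit(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    for f in audit_csv(SAMPLE):
        print(*f, sep=" | ")
```

Findings are a starting point for review: which team holds the role (Basis, Security, Functional) still has to be checked against the guidance in the list.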


