Header Ads Widget

Responsive Advertisement

Critical authorization objects in SAP

Let's have a look at some of the critical authorization objects in SAP. From an Audit perspective, it is pertinent that special care must be taken while assigning full access ‘*’ to any field value.

 S_PROGRAM – All critical programs and reports should be linked with proper authorization groups. Appropriate action should be maintained for this object.
  • S_TABU_DIS – Caution should be taken while maintaining change access for this object.
  • S_TABU_CLI – Access to this object should be strictly restricted.
  • S_TCODE – Make sure that this authorization object does not give access ‘*’ access or access to big ranges using wildcards on the TCD field.
  • S_DEBUG – Should be assigned with caution. Make sure not to give the change – debug access in production.
  • S_RZL_ADM – For R/3 System administration using the CCMS. This should only be required by Basis.
  • S_ADMI_FCD – For checking access to some Basis functions, like spool administration and monitoring. Normally for Basis Team only.
  • S_BTCH_ADM – For processing background jobs. Only needed by Basis or Background admin.
  • S_BDC_MONI – For batch input management and monitoring – Can be assigned to Functional Team when they upload data using LSMW
  • S_CTS_ADMI – For administration functions in the Change and Transport System. Only to Basis.
  • S_LOG_COM – For executing external operating system commands – Only to Basis.
  • S_TRANSPRT – For transport organizer – Only to Basis.
  • S_DATASET – For accessing files from ABAP/4 programs. ABAP Program name and File Path should be maintained with caution.
  • S_USER_* – This should be maintained very carefully. Make sure to give display access (activity 03) only. For Security Team.



Post a Comment

0 Comments

Sap Web Dispatcher Installation- Step By Step Procedure