SAP Security more than PFCG.
SAP Security beyond the traditional use of the PFCG (Profile Generator) transaction. SAP Security is a crucial aspect of managing and protecting SAP systems, and it encompasses various components and practices. Let's explore some key aspects of SAP Security beyond PFCG:
SAP Security is a broad and evolving field, and staying informed about the latest security trends, best practices, and SAP updates is crucial to maintaining a robust and secure SAP landscape.
Yesterday our friend @ashutosh-kumar-verma mentioned below T-codes.
PFCGMASSADDTEXT: You can use this t-code to add descriptions to long texts for roles. This does not overwrite any existing long texts.
PFCGMASSCOLLASSIGN: You can use this T-code to add or delete assignments of single roles in composite roles. Saving applies the changes of the indirect single role assignments to users automatically.
PFCGMASSDELETE: You can use this T-code for the mass deletion of roles. Roles are captured in a TR automatically before deletion. The following however cannot be deleted through this t-code:
· Parent roles
· Single roles as a component of composite roles
· Roles with user assignments
PFCGMASSVAL: You use this T-code to change the authorization values of roles. This includes changing organizational levels, changing the field values of authorizations for an authorization object, and changing the field values of authorizations for an authorization field (for different objects). It is also possible to add and delete a manual authorization for exactly one authorization object.
There are some more reports are available useful for future use.
PFUD =report RHAUTUPD_NEW User master data reconciliation
RSSCD100_PFCG =report RSSCD100_PFCG Show change documents for roles
RSSCD100_PFCG_USER =report RSSCD100_PFCG Show change documents for role assignments.
SUPC = report SAPPROFC_NEW Generate role profiles
Reports:
Recommended by LinkedIn
AGR_RESET_ORG_LEVELS = Reset manual status and contents of organizational levels
PFCG_MASS_DOWNLOAD = Bulk role download (upload via PFCG -> Role -> Upload)
PFCG_MASS_IMPORT = Bulk role import via RFC
PFCG_MASS_TRANSPORT = Role Transport
PFCG_ORGFIELD_ROLES = Synchronize Roles with Organizational Level Definitions
PFCG_UPDATE_ALL_ROLES = Generate role profiles
PRGN_COMPRESS_TIMES = Compression of User Assignments for Roles
PRGN_DISPLAY_AUTH = Display Authorizations of Roles
PRGN_INFO_COMPOSITE_ROLES = Create Statistics for Production Composite Roles
PRGN_STATUS_ALL= Status overview
Please connect and follow me for the next upcoming informative articles.
Cheers :)
Cyber Security Senior consultant | GRC| Risk Manegement | CyberSecurity
11moJonatan Lourenço
Senior Technical Specialist at IBM
1yReally Useful info!