Authorization Profile SAP_ALL

This composite profile contains all SAP authorizations, meaning that a user with this profile can perform all tasks in the SAP System. You should therefore not assign this authorization profile to any of your users. We recommend that you maintain only one user with this profile. You should keep the password of this user secret (store it in a safe) and only use it in emergencies (see also Protective Measures for SAP*).

Instead of using the SAP_ALL profile, you should distribute the authorizations contained within it to the relevant places. You should, for example, not assign the SAP_ALL authorization to the system administrator (or superuser), but rather only the authorizations required for system administration, that is the S_* authorizations. This gives the administrator authorization to administer the entire SAP System. However, he or she cannot perform any tasks in other areas (such as HR).

No comments:

topics