A couple of years ago, when I was searching for useful information about SAP Security/SAP Authorizations I stumbled upon an incredible source of information online. Doing some more research the past year I actually found more and more quality blogs about this particular topic. Below you'll find a list of 3 websites I think you'll find beneficial.
The first website is managed by Marie-Luise Wagener, a real expert in the field of SAP Security & Authorizations/GRC/...
Even if you are already a senior consultant in this area, I think you'll still be able to greatly benefit from the articles, and even free books she is offering on these topics.
Make sure to visit the following page where she offers a lot of useful PDF documents about following topics:
- Transaction code SE16N risk and control
- The usage of authorization objects S_TABU_DIS & S_TABU_NAM
- Table Access (Table Protection) via SE16; SE16N, SE17, SM30; SM31 etc
- SAP PFCG Role naming convention
- The Authorization check for Dialog Users
- The usage of SAP User Groups
- How To adapt sap authority checks in reports
- SAP System and Client Change options
- SAP System Parameter Changes
- SAP Standard vs Special Users
- Creation of SAP Table Authorization Groups
- SAP PFCG Indirect Role Assignment
- SAP Parameter Transactions
- Another very useful website is called SAP SECURITY EXPERT and is managed by Raghu Boddu. You'll find a great deal of very intresting blogposts
- A third website you might want to put in your favorites in the area of SAP Authorizations would be SAP Security Pages which is owned by Aninda, who on its turn provides useful blog posts about many SAP Security related topics.