Apr 09, 2009 at 07:58 AM

Discussion: Clear SAP_ALL as a countermeasure for protecting the system
Hi all.

I just want to discuss one idea I have and that is that I do not see why there should exist such a powerful profile in the system as SAP_ALL.

Please do not attack me already, please read the entire post before flaming me....

I see it the same way as for the standard passwords for SAP: everyone knows the password and can log in as SAP as long as we do not change the standard password (I know that in newer installations SAP* gets the master password).

The risk with SAP_ALL is that there are so many ways to "hack" yourself to this profile; I know quite a few and always try to stop them.

My view on this is that in a normally operating system the SAP_ALL profile is not needed. So my proposal is to empty the SAP_ALL profile of authorizations, but still keep it in the system. So if some "experienced" developer tries to work his/her way to higher authorizations and succeeds by adding the SAP_ALL profile to his/her own user, then the developer should not get the actual authorizations.

Of course the SAP_ALL is needed IF any major issue later on arises and profiles/roles existing in the system are not sufficient. Then SAP_ALL can be generated using the standard reports when needed.

At all the companies/clients I have been at, I cannot remember any critical error that actually needed the SAP_ALL profile. The most critical error was closing down the SAP system, and you could not log in to the system anyway.

So finally, is there really any need for the SAP_ALL in a normal operating landscape?

(Of course, in the installation/upgrade phase and maybe even some implementation phases I can agree that the profile can be used.)

I am looking forward to your thoughts and comments around this.
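To verify that the countermeasure proposed in the post is actually in place (SAP_ALL contains no authorizations and nobody outside an approved emergency list holds it), here is an added example that is not part of the original post; it assumes CSV extracts shaped like SAP's profile-content table UST10S and user-profile assignment table UST04, and the rows below are constructed sample data.

```python
# Added example (not from the forum post): audit whether SAP_ALL has really
# been neutralised. Input is assumed to be CSV extracts with the column
# layout of UST10S (PROFN, OBJCT, AUTH) and UST04 (BNAME, PROFILE).
import csv
from io import StringIO

# Constructed extract of single-profile contents (assumed UST10S-like layout).
PROFILE_AUTHS_CSV = """PROFN,OBJCT,AUTH
SAP_ALL,S_TCODE,&_SAP_ALL
SAP_ALL,S_USER_GRP,&_SAP_ALL
Z_BASIS_OPS,S_TCODE,Z_BASIS_TC
"""

# Constructed extract of user-to-profile assignments (assumed UST04-like layout).
USER_PROFILES_CSV = """BNAME,PROFILE
DDIC,SAP_ALL
DEV_JOHN,SAP_ALL
BASIS_ANN,Z_BASIS_OPS
"""


def audit_sap_all(profile_auths_csv, user_profiles_csv, permitted_holders=frozenset()):
    """Return (leftover_auths, unexpected_holders) for the SAP_ALL profile.

    leftover_auths: (object, authorization) pairs still inside SAP_ALL; with the
    profile emptied as the post proposes, this list should be empty.
    unexpected_holders: users assigned SAP_ALL who are not on the permitted list.
    """
    leftover = sorted(
        (row["OBJCT"], row["AUTH"])
        for row in csv.DictReader(StringIO(profile_auths_csv))
        if row["PROFN"] == "SAP_ALL"
    )
    holders = sorted(
        row["BNAME"]
        for row in csv.DictReader(StringIO(user_profiles_csv))
        if row["PROFILE"] == "SAP_ALL" and row["BNAME"] not in permitted_holders
    )
    return leftover, holders


if __name__ == "__main__":
    # DDIC is treated here as the one permitted (emergency) holder.
    auths, users = audit_sap_all(PROFILE_AUTHS_CSV, USER_PROFILES_CSV, {"DDIC"})
    print("SAP_ALL still grants:", auths or "nothing")
    print("Unexpected SAP_ALL holders:", users or "none")
```

Run against the constructed data it reports that SAP_ALL still carries two authorizations and that DEV_JOHN holds the profile without being on the permitted list; both findings should be empty once the profile is emptied and unassigned.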