What level of access is required to audit SAP security?
In order to perform a comprehensive review of SAP security, display access to several SAP Basis transactions is required. This level of access can be permitted by assigning the SAP standard profile "S_A.SHOW". It is a profile, not a role, and so will need to be assigned to the auditor user ID within the profile tab using transaction SU01.
Please note: this will not allow access to download reporting results into excel format. Therefore, this access (object S_GUI, value 61) will need to be granted separately to the auditor's user ID.