This composite profile contains all SAP authorizations, meaning that a user with this profile can perform all tasks in the SAP System. You should therefore not assign any of your users this authorization profile. We recommend that you create only one user with this profile. You should keep the password of this user secret (store it in a safe) and only use it in emergencies (see also Protective Measures for SAP*).
Instead of using the SAP_ALL profile, you should distribute the authorizations it contains to the appropriate positions. For example, instead of assigning your system administrator (or superuser) the authorization SAP_ALL, assign him or her only those that apply to system administration, namely the S_* authorizations. These authorizations give him or her enough rights to administer the entire SAP system, without allowing him or her to perform tasks in other areas such as Personnel.