Analysis and reporting tool for SAP SuccessFactors ensures order and overview
ACCESS CONTROL | AUTHORIZATION MANAGEMENT FOR SAP®
Add SAP Note 1695113 to your system. With this note, the RSUSR200 and RSUSR002 reports are extended by the selection of different user locks or validity. In the selection, you can now distinguish whether you want to include or exclude users with administrator or password locks in the selection. In addition, you can select in the report RSUSR200 whether the users should be valid on the day of selection or not. To do this, select whether you want to select the user locks as set (01 set) or not set (02 not set) in the selection screen of the RSUSR200 report in the Locking after Lock section of the User Locks (Administrator) field. This includes local and global administrator locks. In the same section, you can also select the password locks (false logins) as set (01 set) or not set (02 not set). This will filter for users that are locked because of incorrect password messages and for which a password login is no longer possible. You can select these selection criteria together or separately. Alternatively, you can also use the Use only users without locks option and additionally, in the Selecting after the user is valid between user today and user today, select not valid.
The logging takes place in both the central system and the subsidiary systems. If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038. In addition, RFC users in their daughter systems need permission to read the change documents using the S_USER_SYS authorization object with the new activity 08 (Read the change document).
Controlling file access permissions
The evaluation performance of the Security Audit Log was optimised from SAP NetWeaver 7.31. For this extension, you need a kernel patch. For the fixes and an overview of the required support packages, see SAP Note 1810913.
If business partners are deposited to the user IDs, the standard evaluation paths lead to a dead end. Adjust it so that the indirect role mapping works anyway. In SAP CRM, you can set up an organisation management, as in SAP HCM. You can maintain organisational units and posts and assign business partners with their user IDs. In SAP CRM, however, there is the specificity that user IDs are not directly assigned to a job, but are usually indirectly assigned by the associated business partner. All persons and organisations involved in business processes are represented as business partners in SAP CRM.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The necessary steps are described in SAP Note 330067.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
These transactions allow you to grant permissions only to specific tables or reports.