Archive change document management for user and permission management
System trace function ST01
If the FIORI interface is then used under SAP S/4HANA, the additional components must also be taken into account here. Authorizations are no longer made available to the user via "transaction entries" in the menu of a role. Instead, catalogs and groups are now used here. These are stored similar to the "transaction entries" in the menu of a role and assigned to the user. However, these catalogs must first be filled with corresponding tiles in the so-called "Launchpad Designer". It is important to ensure that all relevant components (tile component and target assignment component(s)) are always stored in the catalog. The FIORI catalog is used to provide a user with technical access to a tile. A corresponding FIORI group is used to make these tiles visually available to the user for access in the Launchpad.
The Three Lines of Defense model is used to systematically approach risks that may arise in companies. It integrates operational controls as well as risk management, information security, and internal auditing. It can be used to assess and classify the risks arising from SAP authorizations. The monitoring of risks is incorporated into the processes, so that there is constant control by various bodies. This reduces the risks considerably and ensures a clean authorization assignment.
Lack of know-how
From the result of the statistical usage data, you can see which transactions (ENTRY_ID) were used, how often (COUNTER), and how many different users. There are various indications from this information. For example, transactions that were used only once by a user within 12 months could indicate a very privileged user, or inadvertently invoking a transaction for which a user has permissions. The future assignment of such transactions in the SAP role concept should then be critically questioned. In contrast, you should consider transactions with a high level of usage and a large user circle (e.g. with more than ten users) in an SAP role concept.
Excel-based tools that do not use the PFCG transaction in the background, like eCATT, function almost exclusively on the one-way principle: Simultaneous maintenance of roles in the PFCG transaction is no longer possible, and changes there are overwritten by the tool. This means that all permission administrators must work exclusively with the new solution.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
However, our experience from customer projects shows that only very few authorization administrators know how to correctly authorize the scenarios.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
How to proceed? First of all we come to case 1 This case, that someone has no authorization for something, supports the system excellently! The code word is SU53! If a transaction encounters an authorization error, then this error is written to a memory area that can be displayed.