Check Profit Centre Permissions in FI
Check the SAP authorization concept
You can customise the AIS cockpit to your needs. To do this, use the customising that you will also find in the transaction SAIS under the button Administration of the audit environment. Select Configure Audit Cockpit and you can define a default audit structure, the maximum line length for log entries, and the number of log entries per audit step.
Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
Perform Risk Analysis with the Critical Permissions Report
Many tools that offer to simplify care operations of the transaction PFCG work Excel-based. The complete roll data is stored and processed in Excel. Then the Excel file is uploaded with a special programme and generates roles and role changes. While this all looks very comfortable (and probably is at first), it has its drawbacks in the long run.
When programming your permission check, always check the SY-SUBRC return code and define what should happen in the event of a non-successful permission check, i.e. if SY-SUBRC is not equal to 0. In most cases, an error message occurs and the programme is cancelled.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
If compensating controls have been implemented for this purpose, it is helpful if the IT department also knows about this so that it can name these controls to the IT auditor.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
To define table permissions in the PFCG transaction, it is not necessarily sufficient to specify the generic table display tools, such as the SE16 or SM30 transactions, in the role menu.