SAP Authorizations Check Profit Centre Permissions in FI

Direkt zum Seiteninhalt
Check Profit Centre Permissions in FI
ICS for business processes in SAP systems
Since developer authorizations correspond to full authorization, they should only be assigned restrictively. This applies above all to the authorization for "debugging with replace" (see "Law-critical authorizations"). The risk of incorrectly assigned developer authorizations has also increased due to the elimination of additional protection via developer and object keys in S/4 HANA systems (see, among other things, SAP Note 2309060). Developer authorizations for original SAP objects should therefore only be granted here upon request in order to avoid unauthorized modifications. If developer keys are still relevant in the existing SAP release, the existing developer keys in table DEVACCESS should first be checked and compared with the users intended for development.

Now, if a user attempts to execute a report (for example, by using the KE30 transaction), the user's permissions for that authorization object are checked. Therefore, you must adjust your permission roles accordingly. If the user does not have permission to access the object, his request is rejected. If it has a corresponding permission, the display will be restricted to the permitted area. Access is still allowed for all characteristics or value fields that are not defined as fields of the authorization object.
Deleting versions
Authorization trace - Transaction: STUSOBTRACE - Transaction STUSOBTRACE is used to evaluate the authorization trace in the SAP system. This is a trace that collects authorization data over a longer period of time in several clients and user-independently and stores it in a database (table USOB_AUTHVALTRC).

If you use change request management in SAP Solution Manager, you can use the system recommendations in an integrated way. To do this, create an amendment in the system recommendations for the SAP hints to be implemented. To access the system recommendations, you must have permission for the SM_FUNCS object (ACTVT = 03; SM_APPL = SYSTEM_ REC; SM_FUNC = , such as SECURITY).

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Some useful tips about SAP basis can be found on www.sap-corner.de.


For example, they can activate Succession & Development without affecting position management in Employee Central.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.


Depending on the requirements, the suggested values provided by SAP may be sufficient or need to be supplemented.
Zurück zum Seiteninhalt