SAP Authorizations Critical authorizations

Direkt zum Seiteninhalt
Critical authorizations
Law-critical authorizations
The first step to eliminating sprawl in permissions is to prevent it. To do this, administrators should obtain an overview and the assigned authorizations should be checked regularly. This helps to identify problems and incorrectly assigned authorizations at an early stage. The workload monitor can help here. This shows which authorizations users are actually using. The use of authorizations can be analyzed selectively and exported to tables. This also helps to improve existing roles and to create new roles for the authorization model in SAP.

You will be aware that you do not necessarily have to move in the Customer Name Room when assigning names of PFCG roles and therefore have a lot of freedom. The only limitation here is that you may not use the namespace of the roles that are interpreted by SAP. First, you must agree on the form of the names. A fundamental decision is to define the language in which the PFCG roles must be maintained. Although this does not necessarily have an influence on the role name, since it is the same in all languages, you will certainly have descriptive elements in your role name. The role description and the long text are also depending on the language. It is therefore useful to start the roles in the language which is also used most frequently, and also to cultivate the descriptive texts first in this language. If roles are required in different languages, you can translate the texts.
Change management
Careful preparation is a prerequisite for a successful authorisation check. A functional specification must be created for all customer-specific functionalities. This forces us to think about what the actual requirements of the application are and then describe the possible implementation. In doing so, security-related aspects, such as eligibility testing and allocation, must be taken into account. Define what you can do with this programme and also what you cannot do explicitly! In the case of a permission check, not only the activity to be performed, such as reading, changing, creating, etc. , can be checked. You can also restrict access to records by using specific criteria, such as field content or organisational separators.

Secure management of access options in the SAP system is essential for any company. This makes it all the more important to analyze and improve the authorizations assigned. This step serves as optimal preparation for your S/4 HANA migration. Managed Services supports central and efficient administration to ensure an optimal overview. In order to sustainably improve your processes, a database provides information on possible optimizations for SAP licenses.

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

Some useful tips about SAP basis can be found on www.sap-corner.de.


SAP CO can be subdivided into several further subareas.

To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.


In many distributed organisations, the Profit Centre is used to map out the distributed units.
Zurück zum Seiteninhalt