Deletion of change documents
Authorization concept
It's never too late to rethink your authorization concept. Start by defining the objective of each role and take advantage of the reporting offered in SAP SuccessFactors.
Not all users should be able to log on to the application server during your maintenance? Use the security policy and a new profile parameter. When you are performing maintenance work on your SAP system, it is always necessary to prevent users from logging into the application server. This often excludes a small group of administrators who are still allowed to log on to the system. Until now, users had to be locked and the group of administrators excluded from this lock. This is now easier by using the security policy in combination with the login/server_logon_restriction profile parameter.
Reset Manually Maintained Organisation Levels to Roles
Excel-based tools typically do not know the release-specific suggestion values (they often work without the in-system suggestion value mechanism, because they do not use the PFCG transaction). This also means that it is not possible to upgrade rolls with standard SAP tools, such as the SU25 transaction. This also increases the dependency on the external tool, and the authorisation system is further removed from the SAP standard and the best practices recommended by SAP in role management.
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system. Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
Some useful tips about SAP basis can be found on www.sap-corner.de.
Safeguard measures: After automatic generation, change the user's password and assign it to the SUPER user group.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
If user data is present in multiple systems, then the first choice is to automatically create a user through an identity management system, which is resolved by an HR trigger in SAP Identity Management (ID Management).