SAP Authorizations Efficient SAP rollout through central, tool-supported management

Direkt zum Seiteninhalt
Efficient SAP rollout through central, tool-supported management
Structural authorizations
Configuration validation uses the CCDB's configuration data to reconcile settings. To do this, you define your customer-specific security settings technically in a target system. This contains the specifications for the configuration of SAP systems. You can also define a target system based on the settings of an existing system and adapt it to your requirements. Then you compare the settings of your SAP systems with this target system on a daily basis and get an overview of the deviations. Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings. You then start the comparison with a target system for the relevant systems. Alternatively, you can compare to an actual system; For example, this is a useful function in the context of a roll-out.

Both solutions offer you the added value of centralised reporting of existing users, newly created users, and role assignments. You can also extend the integrated workflows of both solutions to HANA permission applications. This enables you to use the risk analysis of the SAP Access Control solution also in relation to critical HANA permissions.
Rebuilding the authorization concept
In order to avoid inconsistencies during the release of the transport order, all the roles on the order will be blocked during release. If roles cannot be locked, the job release fails. You can see the reason for the failed share and the cause of other errors in the transport log.

If you have defined the roles to the extent that the essential processes are depicted, then you will technically check which organisational features they contain (organisational levels, but also cost centres, organisational units, etc.). You then compare the technical result with the result from the consideration of the structure organisation and the business role description. A likely result is that you do not have to use all technical organisational features for differentiation. A possible result is that you want to add fields such as the cost centre to the organisation level.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.


The AIS cockpit is currently in pilot delivery without SAP default audit structures.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.


The role menu of the PFCG role now consists of folders that represent all logical links within a scope start page, and external services that represent the logical links and the area start pages themselves.
Zurück zum Seiteninhalt