Handle the default users and their initial passwords
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
Especially in complex and multi-level system landscapes, roles may be assigned to a user twice. In addition, roles may also have expired due to the specification of a validity period. To keep your role concept and your user administration maintainable and clean, it is recommended to delete these obsolete roles. You can do this by clicking on the report PRGN_COMPRESS_TIMES. This program is also available via the PFCG under the system tab "Utilities" and category "Mass adjustment".
How to analyze roles and authorizations in the SAP system
This only takes into account the applications that are maintained in the role menus of the selected PFCG roles. If you have set the check for Only applications with changed SU22 data, only applications where the suggestion values have been changed by an import, e.g. by Support Packages or Enhancement Packages, will be used. Take the step to take the data from the SU22 transaction by selecting your applications. You will now get a list of applications that you need to match. Select the rows that the applications to match. The buttons in the menubar help you to adjust.
Since at least developers in the development system have quasi full authorizations, as mentioned above, concrete access to a critical RFC connection can therefore not be revoked. Since RFC interfaces are defined for the entire system, they can be used from any client of the start system. Existing interfaces can be read out via the RFCDES table in the start (development) system.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
The website www.sap-corner.de offers many useful information about SAP basis.
In this way, you can also protect transactions that are indirectly accessed by other programs.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Before you make any changes to the default users, you must ensure that they are not used in, for example, RFC connections, background jobs, or interfaces.