SAP Authorizations Rebuilding the authorization concept

Direkt zum Seiteninhalt
Rebuilding the authorization concept
Object S_BTCH_ADM (batch administration authorization)
As an SAP SuccessFactors implementation partner, we are often confronted with complex authorization constellations. For sure: If a consulting company does not implement a process first and the "framework" is missing as a result, the existing SAP authorizations must be analyzed retrospectively and the underlying concept must be understood. Only then can the new process be meaningfully inserted into the authorization concept.

Permissions must be maintained in every SAP system - a task that becomes more difficult the more complex the system landscapes and the greater the number of users. Especially in growing system landscapes, once defined concepts no longer fit the current requirements or the processes in role and authorisation management become more and more complex and cumbersome over time.
Authorization concept
The assignment of the SAP_ALL profile is not required for the operation of an SAP system; therefore, a yellow icon will appear for the first check once a user has assigned the profile. For the other six checks on critical base permissions, the yellow icon will be displayed when a client is found on the system and at least one of the following two conditions applies: More than 75 users have the permission checked in this check. More than 10% of all users have the permission checked in this check, but at least 11 users.

Roles can be assigned to users directly through user management in the SU01 transaction, role maintenance in the PFCG transaction, or mass change of users in the SU10 transaction. However, if the employee changes his or her position in the company, the old roles must be removed and new roles assigned according to the new activities. Because PFCG roles are created to represent job descriptions, you can use organisational management to assign roles to users based on the post, job, etc.

However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".

On www.sap-corner.de you will also find useful information about SAP basis.


There are also roles, such as for the SRM system, that start with the /SAPSRM/ namespace.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.


We will now show you how to use the new features of the SAP NetWeaver Application Server ABAP to increase transparency in upgrading suggestion values and mixing PFCG roles.
Zurück zum Seiteninhalt