SAP Authorizations Take advantage of roll transport feature improvements

Direkt zum Seiteninhalt
Take advantage of roll transport feature improvements
Analysis and reporting tool for SAP SuccessFactors ensures order and overview
In addition to these requirements, other settings can ensure that the transaction can be performed without verification: Verification of eligibility objects is disabled by check marks (in transaction SU24). This is not possible for SAP NetWeaver and SAP ERP HCM authorization objects, i.e. it does not apply to S_TCODE checking. The checks for specific authorization objects can be globally off for all transactions (in transaction SU24 or SU25). This is only possible if the profile parameter AUTH/NO_CHECK_IN_SOME_CASES is Y. In addition, executable transactions may also result from the assignment of a reference user; the reference user's executable transactions are also taken into account.

The SAP administrator uses the concept to assign users their dedicated authorizations. Behind these is a checking mechanism based on so-called authorization objects, by which the objects or transactions are protected. An authorization object can comprise up to ten authorization fields. This allows complex authorization checks that are bound to several conditions.
Basic administration
The high manual maintenance effort of derived roles during organisational changes bothers you? Use the variants presented in this tip for mass maintenance of role derivations. Especially in large companies, it often happens that a worldwide, integrated ERP system is used, for example, for accounting, distribution or purchasing. You will then have to limit access to the various departments, for example to the appropriate booking groups, sales organisations or purchasing organisations. In the permission environment, you can work with reference roles and role derivations in such cases. This reduces your administrative overhead for maintaining functional permissions and reduces the maintenance effort for role derivations to adapt the so-called organisational fields. However, maintaining the organisational fields can mean enormous manual work for you, as the number of role derivations can become very large. For example, if your company has 100 sales organisations and 20 sales roles, you already have 2,000 role outlets. Here we present possible approaches to reduce this manual effort.

Look closely at the security advisory so that you can identify the affected programmes or functions and schedule appropriate application tests. Use a test implementation in the SNOTE transaction to identify additional SAP hints that are required for a security advisory and may also contain functional changes.

For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.

On www.sap-corner.de you will also find useful information about SAP basis.


This note ships with the RSAUDIT_SYSTEM_STATUS report.

So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.


Up to now, the values of customer-owned applications had to be either manually maintained in the PFCG role, or the suggested values maintenance in the transaction SU24 was performed manually.
Zurück zum Seiteninhalt