The SAP authorization concept
Consolidate user-level role mapping
Because certain types of permissions, such as analysis permissions, for SAP BW, or structural permissions in SAP ERP HCM are not based on SAP permission profiles, these permissions are not displayed or refreshed in the permission buffer. To analyse such eligibility issues, you must therefore use the appropriate tools, such as the HRAUTH transaction for SAP ERP HCM or the RSECADMIN transaction for SAP BW. The same applies to the Organisation Management buffer if you use indirect role mapping. Run the RHWFINDEXRESET report to reset the Organisation Management buffer. A prerequisite for the user buffer to be up-to-date is the correct user matching (green instead of yellow statusabilds on the Users tab).
To define the proposed values for the new transaction, use the transaction SU24_S_TABU_NAM. In the selection mask, you can either enter your new Z transaction, or you can enter the SE16 transaction in the Called TA search box. This will search for all parameter transactions that use the SE16 transaction. In the result list, you will find all parameter transactions that use the SE16 transaction as the calling transaction. The last two columns indicate whether the S_TABU_DIS or S_TABU_NAM authorization objects have suggestion values maintained in the SU24 transaction.
Change management
From release 10.1, SAP Access Control supports the creation of users and the assignment of roles and privileges in HANA databases. If you use the concept of business roles in SAP Access Control, you can achieve an automatic installation of the users in SAP NetWeaver AS ABAP and HANA database and the assignment of the ABAP and HANA technical roles (or privileges) when assigning a business role.
The goal is for SAP SuccessFactors users to maintain an overview of roles and authorizations in the system. Analysis and reporting tools help to achieve this. At ABS Team, we use our own combination of an SAP SuccessFactors solution and external documentation for this purpose. As the first graphic shows, our approach is built on a delta concept: all SAP authorizations and processes function independently of each other.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
In this case, it may be useful to download the archived revision documents back to a shadow database to make them available for faster review.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
If you notice that you do not have any suggestion values that you think are necessary and have been recorded by the trace, you can set the suggestion values to Yes by selecting the appropriate row, column or field in the right pane and clicking the Apply button.