Add New Organisation Levels
Maintain generated profile names in complex system landscapes
You have read that it is possible to perform mass activities, such as mass roll-offs, using standard means. This is all too complicated for you, and you are still looking for simple solutions for role maintenance? I'm sure you'll have a look at tools from SAP partners that promise to help. In this context, we would like to give you some more information in this tip. There is a very practical occasion: We have too often found a "broken" authorisation system with SAP customers, caused by the incorrect application of additional programmes. Sometimes, the role content was misaligned and the suggestion values were not neatly maintained, so at some point the permission administrators couldn't figure out what to do. Therefore, you should check very well whether the tool you are considering is actually suitable for your purposes.
Note that the S_TCODE authorization object is always filled with the current transactions from the roles menu. If organisational levels are also included that are no longer required, they will be automatically deleted. If, however, organisational levels are added depending on the transaction, they should be maintained first in the eligibility maintenance.
Understanding SAP HANA Permissions Tests
Even the best authorization tools cannot compensate for structural and strategic imbalances. Even a lack of know-how about SAP authorizations cannot be compensated for cost-effectively by means of tools.
In order to transport this table entry, you must go to the object list of the transport order in transaction SE09 and manually create an entry there with object key R3TR TABU KBEROBJ. Double-click on the key list, and you will be taken to the care image where you have to create an entry with *. This will transport all entries in the KBEROBJ table starting with a space. You must then move the RESPAREA field to the organisational level. Please follow the instructions in our Tip 49, "Add New Organisation Levels". If you use more than one Cost Centre or Profit Centre hierarchy with inheritance logic for the permissions, you must set this in the Customising cost accounting circles through the transaction OKKP. There you can decide in the year independent basic data which hierarchies you want to use. In the basic data for the year, you then define which hierarchies should be used per fiscal year. You can use up to three hierarchies for entitlement award for cost centres and profit centres.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
In this article, I show you with which transaction you can easily and quickly run the authorization trace in SAP ERP or SAP S/4HANA.
He or she conscientiously answers questions such as "May data be changed / viewed / deleted?", "How is action taken in the event of a data leak?", "Who may access the data and how, and what may be done with it?".