Authorization concept - recertification process
Permissions must be maintained in every SAP system - a task that becomes more difficult the more complex the system landscapes and the greater the number of users. Especially in growing system landscapes, once defined concepts no longer fit the current requirements or the processes in role and authorisation management become more and more complex and cumbersome over time.
Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
Excursus Special feature for authorizations for FIORI Apps under S/4HANA
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark. This is either C (Check) or N (Do Not Check).
After activation, advanced security checks are available in the usual development environment within the ABAP Test Cockpit. The ABAP Test Cockpit is a graphical framework for developers. Various test tools, such as the Code Inspector or the SAP Code Vulnerability Analyser, can be integrated into this. All available test tools can be initiated from this central location and present their results in a common view. No training is required to intuit the tool.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
There are also roles, such as for the SRM system, that start with the /SAPSRM/ namespace.
The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page).