Check Profit Centre Permissions in FI
Rebuilding the authorization concept
Even the best authorization tools cannot compensate for structural and strategic imbalances. Even a lack of know-how about SAP authorizations cannot be compensated for cost-effectively by means of tools.
You can use the previously created organisational matrix to either mass create new role derivations (role derivation) or mass update role derivations (derived role organisational values update). For both scenarios, there are separate Web-Dynpro applications, in which you must select the corresponding reference roles.
Starting Web Dynpro ABAP applications
Here I had to look for a moment at which point for SAP key users and not only for the SAP Basis in the SAP system an authorization is callable and may like to take this as an opportunity to write here in the article a few basics on the "anatomy" of SAP authorizations. To access the SAP system, the first thing you need is an SAP user ID (User). The user maintenance transaction SU01 (or SU01D) can be used to assign roles (from which profiles are derived) in addition to the (initial) password and personal data.
Running the system trace for permissions gradually for each application server is tedious. We will show you how to record permission checks on multiple servers at the same time. If you want to use the System Trace for permissions in a system with multiple application servers, you should note that the Trace can only log and evaluate data per application server at any time. Therefore, if a permission error occurs, permission administrators must first check which application server the user is logged on to with the permission issue and then start the trace on that application server. We give you a guide to record permissions checks on certain application servers, but we also show you a way to use this feature centrally.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Since program changes are usually transported into the production system, which can potentially have an impact on the annual financial statements, the audit of the process is an essential part of the annual financial statement audit.
However, there is also the possibility to view missing permissions centrally for all users.