Compare Role Upgrade Permissions Values
What are the advantages of SAP authorizations?
With these methods, we not only help you with the implementation. You can also maintain and manage the solutions yourself afterwards, or you can trust us to run them for you: We call this Customer Success.
If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator. In this option, the profile generator will match the pre-existing permissions data with the SU24 transaction permission proposals from the role menu. If new permissions are added to the permission tree during this comparison, they will be marked with the Update status New. Permissions that existed before the match are assigned the Alt update status.
Security Automation for HR Authorizations
The most important security services regarding permissions are the EarlyWatch Alert (EWA) and the SAP Security Optimisation Service (SOS). You compare the settings in your SAP systems with the recommendations of SAP. Both services are delivered as partially automated remote services; You can also use the SOS as a fully automated self-service. The EWA and SOS shall carry out eligibility tests, the results of which shall always be as follows: The heading indicates the check in question. A short text describes the importance of the audited entitlement and the risk of unnecessary award. A list indicates the number of users with the validated permission in the different clients of the analysed SAP system. The SOS also allows you to list the users. In the SOS, a recommendation is made for each check to minimise the identified risk. A final formal description represents the checked permissions. However, not only the explicitly mentioned transactions are evaluated, but also equivalent parameter or variant transactions.
The panel menus also simplify the maintenance of permissions to the audit structures. You can select the audit structures or area menus you use in role editing and import them into the roles as menus. If you want to set up a constraint on AIS users to specific audit structures or protect individual audits from access, you can use the S_SAIS authorization object. This object controls access to the audit structures or the audit numbers of individual audits.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The Insert function from the Clipboard is also available in the dialogue box for maintaining the organisation levels.
To have these ERP transactions available in SAP SCM, create a new PFCGE role in SAP SCM, e.g. ZS:XXXX:ERP_MENU.