Customising User and Permissions Management
It is very important that critical authorizations are generally subject to a monitoring process in order to be able to ensure that they are assigned in a productive system in a very restricted manner or not at all. Law-critical authorizations in particular, such as deleting all change documents, debugging ABAP programs with Replace, and deleting version histories, must never be assigned in a production system, as these authorizations can be used to violate the erasure ban, among other things. It must therefore be ensured that these authorizations have not been assigned to any user, not even to SAP® base administrators.
The goal is for SAP SuccessFactors users to maintain an overview of roles and authorizations in the system. Analysis and reporting tools help to achieve this. At ABS Team, we use our own combination of an SAP SuccessFactors solution and external documentation for this purpose. As the first graphic shows, our approach is built on a delta concept: all SAP authorizations and processes function independently of each other.
What are the advantages of SAP authorizations?
An SAP authorization concept is used to map relevant legal standards and internal company regulations to the technical protection options within an SAP system. Authorization concepts are thus the key to optimal protection of your system, both externally and internally.
Further changes can be found when using the proof of use. When you click on the button (proof of use), you will receive a new selection. You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses. The ABAP-Workbench selection, as in previous releases, provides you with the proof of use for implementing the authorization object in programmes, classes, and so on. You can use the SAP NEW Data button to mark whether this authorization object is relevant to an SAP New role of a particular release.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
To keep track of which users can access which tables, run the SUSR_TABLES_WITH_AUTH report.
In many distributed organisations, the Profit Centre is used to map out the distributed units.