Limitations of authorization tools
SAP Authorizations - Overview HCM Authorization Concepts
Database Schema Privileges permissions: Schema Privileges are SQL object permissions that control access to and modification of a (database) schema, including the objects contained in that schema. A user who has an Object Privilege for a schema also has the same Object Privilege for all objects in that schema.
The customising objects you have just created are now integrated into your own IMG structure. To do this, open the SIMGH transaction again, call your structure in Change mode, and paste it under the previously created folder by selecting Action > Insert a Level Lower. You should already create a documentation of the same name with the installation of the Customising objects. To do this, select the Create button on the Document tab and write a text to save it and then activate it.
Check and refresh the permission buffer
Developer and customizing authorizations represent a great potential danger in productive SAP systems. Here, authorizations must be assigned very restrictively, e.g. only to emergency users. The same applies to RFC connections from a development system to productive systems. Such connections can only be used to a very limited extent.
The results of the evaluation are marked with a coloured symbol. Classification varies for the different eligibility tests. The EWA does not only contain security-related tests and is therefore divided into different sections (e.g. hardware, performance). The test results in these areas are displayed with a traffic light symbol. If one of the tests within a section is indicated in red, the traffic light for that section shall also be set in red.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Reasons for incorrect organisational levels are values that have been manually maintained in the authorization object itself, instead of using the Origen button, as well as incorrect transports or incorrectly created or deleted organisational levels.
This is what enables users to work with the SAP system in the first place, but it can, under certain circumstances, unintentionally add up to conflicts over the separation of functions or even legally critical authorizations.