Maintain derived roles
It's never too late to rethink your authorization concept. Start by defining the objective of each role and take advantage of the reporting offered in SAP SuccessFactors.
All permission checks are issued in table form as an ALV list. You can sort or filter this list by column. Furthermore, all the new features of the transaction ST01, which we listed at the beginning of this tip, have been applied for evaluation. Double-clicking on a authorization object will direct you to the authorization object definition, and double-clicking on the transaction will direct you to the programme location where the permission check is performed. For more tips on how to use this trace, see Tip 32, "Maintain permission values using trace evaluations," and Tip 39, "Maintain suggestion values using trace evaluations.".
Features of the SAP authorization concept
You will find all the user favourites of a system in the SMEN_BUFFC table; additionally there is the table SMEN_BUFFI, in which the links from the favourite lists are stored. You can simply export this table to Microsoft Excel and then evaluate it. At this point, however, we would like to point out that you may not evaluate the favourites without prior consultation with the users, because the stored favourites are user-related and therefore personal data. The SMEN_BUFFC table contains various fields that determine the structure of the placed favourites. For example, you can create folders in your favourites to sort them. This folder structure can also be found in the SMEN_BUFFC table. However, the entries themselves that you will find in the REPORT field are important for the re-creation of a permission concept. The REPORTTYPE field tells you whether the entry in question is, for example, a transaction or a Web-Dynpro application. In the TEXT field, if required, you will find the description of the favourite entry. In addition, you should also pay attention to the TARGET_SYS field, since favourites can also be entered for other systems, in this case an RFC target system is entered under TARGET_SYS.
Now the SAP system is basically able to encrypt emails. However, the system still lacks the recipient's public key. You can manage the required public key information in the Trust Manager's address book. You can find the address book in the Transaction STRUST menu under Certificate > Address Book. Here you can import individual certificates by selecting the corresponding certificate in Certificate > Import Certificate. To get the certificates for all relevant users in this address book via a mass import, use the example programme Z_IMPORT_CERTIFICATES appended in SAP Note 1750161 as a template for a custom programme.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Both transactions have the same start properties, but are used for different purposes and display different data.
This allows you to review the history of the audit results at a later stage or to view only the results of the last audit.