Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Statistical data of other users
Conceptually, the user types Database User and Technical User are distinguished. Database users are users that represent a real person in the database. As soon as a Database User is deleted, all (!) database objects created by this Database User are also deleted. Technical users are users who perform technical tasks in the database. Examples include the SYS and _SYS_REPO users, which allow administrative tasks such as creating a new database object or assigning privileges.
In IT systems to which different users have access, the authorizations usually differ. How an authorization concept for SAP systems and the new SAP S/4HANA for Group Reporting can look.
Evaluate Permission Traces across Application Servers
When the auth/authorisation_trace parameter is turned on, external services are written to the USOBHASH table and permission checks are logged in the USOB_AUTHVALTRC table. You can now use the contents of this table to apply the checked objects and values from the trace to the suggestion values in the transaction SU24. Because it is a dynamic profile parameter, it is reset when the application server is launched. Now open the transaction SU24 and you will find your own UIK component as an external service. Double-clicking on this service will tell you that no suggestion values have been maintained there. You can apply these suggested values from the USOB_AUTHVALTRC table. Here you should at least maintain the UIU_COMP authorization object so that this information is loaded into the PFCG role as soon as you include the external service in your role menu.
The SAP administrator uses the concept to assign users their dedicated authorizations. Behind these is a checking mechanism based on so-called authorization objects, by which the objects or transactions are protected. An authorization object can comprise up to ten authorization fields. This allows complex authorization checks that are bound to several conditions.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can select the tables in the menu via Edit > Insert Table (or by pressing the button ).
The introduction of authorization tools takes some time, but should nevertheless be tackled by companies in order to increase efficiency in the long term and save costs at the same time.