Roles and permissions in SAP SuccessFactors often grow organically and become confusing
User & Authorization Management with SIVIS as a Service
System Privileges (Database System) permissions: System Privileges are SQL permissions that control administrative actions throughout the database. Such actions include creating a (database) schema (CREATE SCHEMA), creating and modifying roles (ROLE ADMIN), creating and deleting a user (USER ADMIN), or running a database backup (BACKUP ADMIN).
If a transaction is removed from the role menu, the default permission is deleted when mixing. However, this only applies if no further transaction requires this permission and therefore uses the same permission proposal. This applies to both active and inactive default permissions.
Object S_BTCH_ADM (batch administration authorization)
Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
You use Central User Management and wonder why you still need to evaluate the licence data individually in the attached systems. This does not have to be the case, because a central evaluation is possible! There are licence fees for using SAP systems, and you need SAP licence keys. The amount of your licence costs will be determined during the current operation, depending on the number of users and the features used in the SAP software. The survey programme (transaction USMM), the results of which you transmit to SAP, serves this purpose. Not only the number of users is relevant, but also their classification, the so-called user types. You assign these to the user via the transaction SU01 or the transaction SU10 (Licence Data tab). Alternatively, you can let the user inherit the user type of a reference user or classify it via an associated role. This is done by analogy when you use the Central User Administration (ZBV). So far, there has been no central evaluation of the data of all systems connected to the ZBV. Now this has changed, and we'll show you how you can use this analysis.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2).
The results are presented in a table where each row corresponds to a value interval of a permission.