SAP Authorizations - Overview HCM Authorization Concepts
Note the effect of user types on password rules
Small companies would theoretically benefit from an authorization tool. However, in many cases the tools are too costly, so the cost-benefit ratio is usually not given.
In addition to existing authorization objects, you can also create your own authorization objects and select existing authorization fields such as Activity (ACTVT). To the individual fields then, as with ACTVT, the permissible options which are deposited at the field can be specified. Thus, for an own authorization object with the authorization field ACTVT, the activity 01 Add or Replace, 02 Change and 03 Display can be selected and would then be available as a selection in the authorization field in the role maintenance.
What to do when the auditor comes - Part 1: Processes and documentation
Repair defective field list in SU24 suggestion values: This function verifies that all the authorization objects used in the permission proposals are consistent, that is, fit to the authorization object definitions from transaction SU21. If there are no permission fields or if there are too many entries, these data will be corrected in the proposal values.
In case of missing authorizations, SAP Basis also helps with an authorization trace in addition to the well-known SU53 for a more detailed analysis of authorization objects. The article "SAP Basis Basic or finding missing authorizations thanks to SU53 or ST01 Trace" describes this in more detail.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
A user inherits the classification of the reference user if they do not have any other role or profile mappings with classification, or if they have not been classified manually.
Of course, you can always adjust the proposed values according to your requirements.