Set up permissions to access specific CO-PA measures
Check current situation
The best way for companies to combat historically grown uncontrolled growth in authorizations is to prevent it. An analysis of whether the current authorization concept is sufficient for the company helps here.
Changes in customizing and various security-relevant changes, such as the maintenance of RFC interfaces, can be viewed via table change logs. This authorization should only be given to an emergency user.
Essential authorizations and parameters in the SAP® environment
SAPCPIC: SAPCPIC is not a dialogue user, but is used for EDI usage in older releases (EDI = Electronic Data Interchange); in default, SAPCPIC has permissions for RFC access. However, you should not use this user for them, nor for batch processes, but you must create other users for these applications. Safeguard measures: Lock down the user, change the password, assign it to the SUPER user group and log it with the Security Audit Log.
Numbers/reminders: The payment and/or collection procedure shall be managed solely on the basis of information from the collection perspective (in particular Table BSEG). For customer and vendor transactions, the Profit Centre is not included in the SAP journal masks by default, and is therefore not available on the appropriate BSEG document lines. Since numbers and warnings are usually centrally controlled processes, this should not be a problem in practice.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
But what are these two profiles different from each other and why are they necessary?
The authorisation concept in SAP ERP does not normally allow to limit permissions to individual financial years.