Centrally view user favourites
General authorizations
I show how SAP authorizations can be assessed and monitored by using the Three Lines of Defense model. This method can be applied even if the model is not used for all enterprise risks. You will learn how to integrate the different stakeholders into the lines of defense and harmonize the knowledge for the process. Also, what tools can be used for controls and cleanups in each case. This ensures, for example, that managers are able to assess the risks and derive measures, and that administrators can technically clean up the risks.
The advantage of this feature is that administrators can parse failed permission checks regardless of end users. End users can save their unsuccessful checks to the database using the Save ( ) button. As an administrator, you can also back up failed permission checks from other users. The Saved Checks button also gives you access to this information afterwards. The automatic storage carried out when the old transaction SU53 was called is omitted because it overwrote the last recording. You can also load the results into an Excel file to allow a more comfortable evaluation.
Make mass changes in the table log
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques. Essential to the permission technique are database objects such as tables and views - which allow access to the stored data - as well as executable procedures and users. The specific HANA-specific permissions assigned to a user are referred to as privileges in the HANA context.
Users can activate or deactivate processes without affecting other processes. For example, they can activate Succession & Development without affecting position management in Employee Central. With the help of the tool, users always know for what purpose a particular user has been given a particular permission. Basic authorizations, which are identical for every user, are only stored once in a platform role. This ensures that system performance remains optimal.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
This is all too complicated for you, and you are still looking for simple solutions for role maintenance? I'm sure you'll have a look at tools from SAP partners that promise to help.
If SAP_ALL assignments did occur, ideally these have already been documented and checked.