Get an overview of the organisations and their dependencies maintained in the system
Existing permissions
You can adjust these evaluation methods in the table T77AW or in the transaction OOAW. To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left. The table that appears defines the relationships between the objects. For SAP CRM only the objects Organisational Unit (O), Headquarters (S), Central Person (CP) and User (US) play a role. For simplicity, you can now copy the lines that use the Person (P) object. Enter a new number here and replace the object P with the object CP.
The SU25 transaction lists additional customisation options in addition to upgrade activities. Under the item Adjustment of the permission checks (optional) are the transactions SU24 for the maintenance of the value of the proposal, the transaction AUTH_SWITCH_OBJECTS for the global elimination of the authorization objects as well as the transaction SE97 for the maintenance of transaction startup permissions checks (see Tip 76, "Maintain transaction start permissions when calling CALL TRANSACTION"). In the Manual Adjustment section of selected roles, you can create roles from manually created profiles, generate SAP_NEW (see Tip 64, "Use SAP_NEW correctly"), or generate SAP_APP as roles. In the General maintenance for suggestion values section, the reports SU2X_CHECK_WDY_HEADER for the registration of header data for external services (see tip 38, "Use the SU22 and SU24 transactions correctly") and SU2X_CHECK_CONSISTENCY for the concession test (available via the in SAP Note 16466666446445) 692 named Support Package) of suggestion values for the selected authorization objects.
Handle the default users and their initial passwords
The default authorization roles of the new SAP system for consolidation and planning, SAP Group Reporting, are shown in the following graphic. It does not matter whether the system is accessed via the browser (Fiori Launchpad) or via local access (SAP GUI). The authorization roles shown in the graphic merely indicate the technical specifications preset by SAP. However, these can be used as a starting point and adapted accordingly after a copy has been created.
With the Enhancement Package (EHP) 3 to SAP ERP 6.0, SAP has provided an extension of the eligibility tests in the FIN_GL_CI_1 Business Function, which allows the eligibility objects for profit centres to be tested in FI. You must first enable the FIN_GL_CI_1 Business Function in the Switch Framework (transaction SFW5). After that, you can activate the new functionality in Customising via this path: Finance (new) > Basic Financial Settings (new) > Permissions > Enable Profit Centre Permissions Check.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
For example, this could be relevant for the tax audit and final reports or performance critical.
After confirming your entries, you confirm the Permissions field maintenance in the Permissions proposal maintenance by clicking on the green checkmark, so that the status of the Permissions object is green (maintained).