SAP Authorizations Solution approaches for efficient authorizations

Direkt zum Seiteninhalt
Solution approaches for efficient authorizations
Use application search in transaction SAIS_SEARCH_APPL
Many companies do not pay enough attention to the topic of authorizations in SAP SuccessFactors. It often seems too complex and confusing. Both the creation of a concept and the harmonization of existing structures often seem like a mammoth task. However, with role-based authorizations, SAP provides a very powerful control tool that remains clear with a little help and documentation.

Regardless of whether you select the degree of simplification COARS = 1 or 2, you should not enter * or SAPDBPNP (programme name of logical database PNP) in the REPID field. With these values, you allow access to the logical databases SAPDBPNP and SAPDBPAP and thus to all contained root data.
Default permissions already included
For the entries in the SPTH table, note that the application defines whether a file is accessed with or without the path. For example, the related transactions ST11 (error log files) and AL11 (SAP directories) behave differently. While ST11 opens almost all files without a path (they are in the DIR_HOME directory anyway), AL11 basically uses fully specified file names with a path. An entry in the SPTH table with PATH = / is therefore misleading. It specifies that the defined access restrictions apply to all files specified by path. However, this only applies to applications that access files using a specified path. However, applications that access files without a path are not restricted; Files in the DIR_HOME directory may be excluded.

This missing functionality comes with SAP Note 1902038 and can only be recorded via the respective support packages for SAP NetWeaver Releases 7.31 and 7.40. The ZBV's change documents are written for the USER_CUA change document object. The analysis of the change documents can be accessed using the following methods.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

While this leads to less administrative work in the short term, it causes the complexity of the role to increase massively over time.

The automatic storage carried out when the old transaction SU53 was called is omitted because it overwrote the last recording.
SAP Corner
Zurück zum Seiteninhalt