Use system recommendations to introduce security
Organisationally restrict table editing permissions
Single role - Created using the role administration tool, it enables the automatic generation of an authorization profile. The role contains the authorization data and the logon menu of the users.
In the beginning, the FI and CO modules were separated from each other. Both modules have been combined by SAP as higher-level modules in the accounting area. The main reason for this is the tight process structure, which enables a smooth transition between the two modules. As a result, SAP FI and CO now only appear as the joint module SAP FICO.
Define a user group as mandatory field in the user root
Finally, you can extend your implementation of the BAdIs BADI_IDENTITY_SU01_CREATE and pre-enter additional fields of the transaction SU01. To do this, complete the appropriate SET_* methods of the IF_IDENTITY interface. For example, it is possible to assign parameters that should be maintained for all users, assign a company, or assign an SNC name.
Employees should only be able to access data relevant to their work, country or accounting area in tables? Set up organisational criteria to ensure this. Do you want users to be able to read or maintain specific tables, but only have access to the table contents that are relevant to them? The S_TABU_DIS and S_TABU_NAM permissions objects allow you to access the tables, but if you want a user to see or maintain only parts of the table, these authorization objects will reach their limits.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
They are used in technical operations that require a user, such as batch runs or RFC connections.
For example, if only the HR department has access to the SAP HCM system.