SAP Script
MANAGED SERVICES
Understanding the structure and functioning of the system is particularly important for IT administration. It is not for nothing that "SAP Basis Administrator" is a career field in its own right. Instead of data and application development, the focus here is on providing the software environment on which the company's tools are created. SAP Basis is therefore comparable to the server and platform infrastructure and its administration in companies - as distinct from application and web development.
The SAP Basis team handles the entire administration of an SAP system. As a company, you have to decide whether you want to keep the support of your system within your company or place the "Basis" in the hands of an SAP expert.
Clear authorization concept
Before the project starts, it must be clear which systems are to be connected to the IdM and which services the system is to provide. This requires close collaboration between the department and IT, as later adaptations or additional systems will extend the implementation and exceed the budget.
Analysing existing data
To successfully implement an Identity Management System, high-quality data is essential. Users' master data must be verified, updated, or maintained. Otherwise, automation with incomplete or even incorrect data is not conceivable.
Rethinking the Permission Concept
With the introduction of an Identity Management System and a workflow for permission granting, the existing roles should be scrutinised once again. You should ask yourself whether the user knows which role he is choosing from the current catalogue and whether it is sufficient for his task.
Set Role-Owner
Not only the user needs to know which role to choose. There must also be a person in charge of the role who adapts the role as required or acts as a point of contact when required.
I recommend that you schedule the background job PFCG_TIME_DEPENDENCY with the report RHAUTUPD_NEW. Scheduling the RHAUTUPD_NEW report with two variants has proven to be a best practice:
Once a day, before users log on for the first time (e.g. midnight or very early in the morning). This way the users are synchronized once a day.
Once a month (or even once a week) with the option "Perform cleanup", so that obsolete profiles and user mappings are regularly cleaned up.
Also handy: If the naming conventions of your roles allow it, you can also align the report according to different time zones. For example, I have a customer who runs the user synchronization for his users in the USA and Asia at different times, so that the daily business of the respective users is not disturbed.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
This option is useful if several transactions are to be checked simultaneously for their existing assignment to a particular user.
This enables you to analyze and evaluate mass data almost in real time without the need for data aggregation.