Authorization tools - advantages and limitations
Perform Risk Analysis with the Critical Permissions Report
Once the program implementation and documentation have been completed, a functional test always follows. A corresponding authorization test should not be forgotten. The authorization test must include both a positive and a negative test.
If business partners are assigned to the user IDs, the standard evaluation paths lead to a dead end. Adjust them so that indirect role assignment works anyway. In SAP CRM, you can set up organisational management, as in SAP HCM. You can maintain organisational units and positions and assign business partners with their user IDs. In SAP CRM, however, there is the peculiarity that user IDs are not assigned directly to a position, but are usually assigned indirectly via the associated business partner. All persons and organisations involved in business processes are represented as business partners in SAP CRM.
Analyse and evaluate permissions using SAP Query
Authorization objects that were visible in the authorization trace are quickly inserted into roles. But are they really necessary? Might they even be critical permissions? A review of the authorization concept can reveal that critical permissions are in your end-user roles. We would like to give you some examples of critical permissions in this tip. It is helpful to know which authorization objects are covered by the critical permissions. You must also ask yourself whether granting these permissions entails risks.
Every SAP system (ERP) must be migrated to SAP S/4HANA® in the next few years. This technical migration should definitely be audited by an internal or external auditor.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
You click some buttons, and something happens with the permissions in your roles.
One possible result is that you want to add fields such as the cost centre to the organisational levels.