Do not assign SAP_NEW
Use Central User Management change documents
A major advantage of SAP SuccessFactors is flexibility. Different project teams can implement and use several modules, processes or add-ons in a short time. The processes can be optimized again and again. A central basis for extensively digitized processes are structured specifications that regulate system access and control access rights. In this context, SAP offers the concept of role-based authorizations. Role-based SAP authorizations grant different groups of people different options for action and views in the system, e.g., regulate access to salary data. Role-based authorizations are flexible and facilitate global implementations of SAP SuccessFactors, e.g. in different national companies. Once implemented, roles and their authorizations can be quickly rolled out to the new region. The roles do not have to be completely reconfigured each time. Slight adjustments are all that is required.
Since the maintenance effort would be too great if individual authorizations were entered in the user master record, authorizations can be combined into authorization profiles. Changes to access rights take effect for all users who have entered the profile in the master record.
Integrate S_TABU_NAM into a Permission Concept
What roles does my user have (SU01)? We start with a simple question: which roles are actually assigned to your SAP user? With the transaction SU01 you can view your (or other) SAP user. Among a lot of other information, you can find the assigned single and composite roles on the "Roles" tab.
The best way for companies to combat historically grown uncontrolled growth in authorizations is to prevent it. An analysis of whether the current authorization concept is sufficient for the company helps here.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Changes only take effect the next time the user logs on to the system.
These default users use initial passwords that are well known.