Evaluation of the authorization check SU53
Use application search in transaction SAIS_SEARCH_APPL
Two equal permissions that meet the first maintenance status condition are also combined when all the values of the two permissions differ in one field or when a permission with all its fields is included in the other. However, if there are open permission fields in a permission, they will not be combined unless all permission fields in the permission values are the same.
With these methods, we not only help you with the implementation. You can also maintain and manage the solutions yourself afterwards, or you can trust us to run them for you: We call this Customer Success.
Analyse and evaluate permissions using SAP Query
The maintenance status of permissions in PFCG roles plays an important role in using the Role Menu. The Maintenance Status allows you to determine how the authorization object entered the role and how it was maintained there. The blending function of role maintenance credentials in the PFCG transaction is a powerful tool that helps you with role processing. If the Roll menu has been changed, the Mix feature will automatically add the permissions suggestions that are included in a single role. This is based on the proposed authorisation values defined in the transaction SU24, whose maintenance status is standard in the authorisation maintenance. These permission values are also called default permissions. Permissions with different maintenance status, i.e. Care for, Modified or Manual, are not changed during mixing - the exception is removing transactions.
Another important factor that should be considered in an authorization concept is to use a uniform naming convention because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. In addition, the preset authorization roles of the SAP system should never be overwritten or deleted, but only copies of them should be created, which can then be adapted as desired.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website www.sap-corner.de.
Even more critical is the assignment of the comprehensive SAP® standard profile SAP_ALL, which contains almost all rights in the system.
EARLYWATCH only has display rights for performance and monitoring functions.