Unclear objectives and lack of definition of own security standards
Add External Services from SAP CRM to the User Menu
It's never too late to rethink your authorization concept. Start by defining the objective of each role and take advantage of the reporting offered in SAP SuccessFactors.
As the rolls pass, the value ranges for the field in question are searched within a role. Automatic cleanup occurs by writing both value ranges together in all fields. Therefore, you should clean up these entries before you start and create two different roles if necessary. The PFCG_ORGFIELD_CREATE report provides a test run that allows you to identify all the affected roles. The Status column provides an overview of the status of the permission values. If the status is yellow, there are different value ranges for the field within the role; the role must therefore be adjusted.
In-house role maintenance
Delete invalid SU24 Checkmarks: This function deletes all records that contain an unknown value as a check mark. This is either C (Check) or N (Do Not Check).
The selection mask for selecting change documents in the transaction SCUH is divided into four sections: Standard selection (similar to other SUIM reports), output, selection criteria, and distribution parameters. In the default selection you have the option to specify for which model view, for which modifier (Modified by) and for which time period you want to view change documents.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Please refer to SAP Note 1671117 for more information on the required support packages and technical background.
As a general rule, there are internal and external auditors who carry out such audits.