SAP Authorizations Deleting table change logs

Deleting table change logs

Hash values of user passwords

The setting of the modification flag used to determine the proposed values to be matched is imprecise. Learn about a new process that uses timestamps. Upgrade rework for suggestion values and roles must be performed not only upon release change, but also after inserting plug-ins, support packages, enhancement packages, or other software components, such as partner solutions. These rework can be complex if the underlying selection of proposed values cannot be restricted. Therefore, a new procedure has been introduced in the transaction SU25, which restricts the proposed values to be compared using a time stamp.

The aim of authorization concepts is to provide each user with the authorizations required for his or her task in the SAP system in accordance with the rules. A good authorization concept is the cornerstone for efficient and cost-effective authorization assignment.

Introduction & Best Practices

Any deviation from the defined process must be fully documented and justified. This is because it is precisely deviations from the standard case that are of great interest to an auditor, as the auditor must determine whether a deviation could have an impact on the correctness of the data.

It is best if the persons responsible for the system develop role descriptions with their departments in advance and document them outside SAP SuccessFactors (e.g., as in Fig. 2). In case of queries, they can use this basis to explain exactly why someone has been given a certain authorization. The role descriptions and the report help to work in a DSGVO-compliant manner. Since the report updates automatically, companies have no additional effort to document the changes - one less unloved (and often "forgotten") task.

If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.

Note that this can be a very large number of transactions and can therefore take longer.

This only takes into account the applications that are maintained in the role menus of the selected PFCG roles.