Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Authorization object documentation
Standard users such as SAP* or DDIC should also be implemented correctly in accordance with the authorization concept or SAP's recommendations. An important preparatory action here is to check whether the passwords have been changed for all standard users.
Another important factor that should be considered in an authorization concept is to use a uniform naming convention because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. In addition, the preset authorization roles of the SAP system should never be overwritten or deleted, but only copies of them should be created, which can then be adapted as desired.
Reset Manually Maintained Organisation Levels to Roles
The SAP authorization default values are the basis for role creation and are also the starting point for SAP authorization management. For this purpose, the SU22 SAP authorization default values must be transported via SU25 into the customer-specific SU24 tables. The consistency of the default values should therefore be checked beforehand using the SU2X_CHECK_CONSISTENCY report. If inconsistencies exist, they can be corrected using the report SU24_AUTO_REPAIR. Detailed information regarding the procedure can be found in SAP Note 1539556. In this way, you can not only clean up your SU24 values, but at the same time achieve a high-performance starting position for role and authorization administration.
In the Output pane, you can view the change documents of a remote subsidiary system, or in the Selection Criteria pane, you can restrict the change documents for the central system (transmit system) or only for specific daughter systems. In the lower part, you can select the distribution parameters that you are interested in changing. The evaluation includes information about all changes in the ZBV configuration and in the attached subsidiary systems, as of the time the corresponding release or support package was inserted into the systems. In addition to the date, time and modifier, the evaluation also contains information about the respective model view, the status of the configured system and the action taken (old value and new value). In our example, you will see changes that have occurred in the SCUA transaction, such as creating a model view and adding subsidiary systems, changes made in the SCUG transaction, such as the user adoption, and changes to the distribution parameters in the SCUM transaction.
Authorizations can also be assigned via "Shortcut for SAP systems".
While ST11 opens almost all files without a path (they are in the DIR_HOME directory anyway), AL11 basically uses fully specified file names with a path.
In both cases, you can download the full list in the SAP Solution Manager's ST14 transaction.