SAP Authorizations Prevent excessive permissions on HR reporting - SAP Admin

Direkt zum Seiteninhalt
Prevent excessive permissions on HR reporting
Redesign of SAP® Authorizations
In principle, the SAP_NEW permission should not be granted in the production system. The Profiles tab displays the generated profiles in the user master record that are associated with a specific user. Here you can also assign manually created permission profiles from the transaction SU02 - even without direct role mapping. In principle, the recommendation is to use the profile generator (transaction PFCG) to generate authorisation profiles automatically. Special caution is taken when you enter generated permission profiles directly on the Profiles tab, as these assignments will be deleted by matching user assignments with the transaction PFUD if no entry is on the Roles tab for the assignment. You have probably assigned SAP_ALL and SAP_NEW to users for whom there should be no restrictions in the SAP system. But what are these two profiles different from each other and why are they necessary?

Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
Use usage data for role definition
Due to the changed suggestion values in the SU24 transaction, you must now perform step 2c (roles to verify) to update all roles affected by the changed proposal values. Role changes are only customised! You will get a list that shows all the roles you need to edit. If you have more than one client to maintain roles, you must also do this in the other client.

With Managed Services, you receive professional management and improvement of your SAP authorizations. In doing so, we analyze your existing workflows and processes and work out optimization potentials. The implementation of the potentials takes place within a few months. As a basis for central and efficient administration, we implement an underlying tool, working continuously and directly with your SAP key users.

With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.

Some useful tips about SAP basis can be found on www.sap-corner.de.


Therefore, you need a way to transport the data for the permission proposal values and the PFCG rolls in Y landscapes in a transparent and consistent way.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


The organisational unit is evaluated in the context of the application label.
Zurück zum Seiteninhalt