View system modifiability settings
Organisationally restrict table editing permissions
The SAP administrator uses the concept to assign users their dedicated authorizations. Behind these is a checking mechanism based on so-called authorization objects, by which the objects or transactions are protected. An authorization object can comprise up to ten authorization fields. This allows complex authorization checks that are bound to several conditions.
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a DSGVO violation and lead to a fine for the company.
Define security policy for users
In order to avoid inconsistencies during the release of the transport order, all the roles on the order will be blocked during release. If roles cannot be locked, the job release fails. You can see the reason for the failed share and the cause of other errors in the transport log.
Personally, I'm a big fan of the role-based authorizations in SAP SuccessFactors and I'm glad the system has such extensive capabilities. To review your need for action in this area, I advise you to ask yourself the following questions: Do you know which users get which SAP authorizations and why? Can you explain the concept to your data protection officer? Is it easy for you to introduce a new process because you know how the authorizations work? If you have to answer "no" here (several times), I recommend you to dedicate yourself to the topic. It will make their lives easier in the future. If you need help with this, feel free to contact us!
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Open the PRGN_CUST table either directly or via the customising in the SPRO transaction in the respective subsidiary system.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
This is ensured by the tools in the FI module.