Automatically pre-document user master data
Take advantage of roll transport feature improvements
Changes to SAP user data should be uncomplicated and fast. Users can make requests for SAP systems themselves. In exceptional and emergency situations, SAP users should be assigned extended authorizations quickly and for a limited period of time. Simplified assignment and control of exception authorizations in SAP systems is required. You can freely and flexibly determine the duration of these authorization assignments. Decisions can be controlled and monitored across systems. Whether it's recertification of SAP users, vacation requests or birthday wishes: all these things can now be processed and managed centrally in one place.
Have you ever tried to manually track who among the users in your SAP system has critical authorizations? Depending on your level of knowledge and experience, this work can take a lot of time. If audits have also been announced, the pressure is particularly high. After all, it is difficult to fulfill all requirements regarding SAP authorizations manually.
Change documents
Ensure that permission checks are performed when reference users are assigned. The checks are performed on the permissions associated with the roles and profiles assigned to the reference user. These eligibility tests are also a novelty, which is supplemented by SAP Note 513694.
Permissions must be maintained in every SAP system - a task that becomes more difficult the more complex the system landscapes and the greater the number of users. Especially in growing system landscapes, once defined concepts no longer fit the current requirements or the processes in role and authorisation management become more and more complex and cumbersome over time.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page).
Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2).