Correct settings of the essential parameters
SAP Security Automation
Roles are assigned according to the function of employees in the company and their validity is limited depending on the task. Removing role assignments manually in user master kits is very tedious. We'll show you how it's easier. Over time, users of your SAP system have accumulated many roles in the user master set. These roles have different validity periods. Some roles have already expired, and other roles may be assigned multiple times, because a user might perform multiple roles in the organisation, some of which have the same roles. Now you are looking for an easy way to delete role assignments that have expired or to remove multiple role assignments.
As a second way to automate the mass maintenance of role pipelines, we mentioned the use of business role management. Various solutions are offered on the market that offer this functionality in the same or similar form. Some of these solutions do not use the derivation concept; This has the advantage that the organisational matrix is not limited to organisational fields. However, the major deviation from the standard functionalities of the PFCG role is detrimental to this variant.
WHY ACCESS CONTROL
The next step is to maintain the permission values. Here, too, you can take advantage of the values of the permission trace. When you switch from the Role menu to the Permissions tab, you will generate startup permissions for all applications on the Role menu and display default permissions from the permissions suggestions. You can now add these suggested values to the trace data by clicking the button trace in the Button bar. First, select the authorization object that you want to maintain. There can be multiple permissions for each authorization object. Then load the trace data by clicking the Evaluate Trace button. A new window will open again, where you can set the evaluation criteria for the trace and limit the filter for applications either to applications in the menu or to all applications. Once the trace has been evaluated, you will be presented with all checked permission values for the selected authorization object. With the Apply button, you can now take the values line by line, column by column, or field by field.
You want to create a permission concept for applications that use SAP HANA? Find out what you should consider in terms of technical basics and tools. As described in Tip 22, "Application Solutions for User Management in SAP HANA", there are different application scenarios where the permission assignment on the HANA database is required.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Note the implications if you want to actually run this programme.
After activation, advanced security checks are available in the usual development environment within the ABAP Test Cockpit.