Eligibility proposal values
Activity level
In order to get an overview of the organisations and their structure, we recommend that you call the Org-Copier (in read mode!) for the various organisational fields via the transactions EC01 to EC15. The customising in the SPRO transaction allows you to define the organisation fields and their respective assignment in the corporate structure area.
In the TPC6 transaction, set the periods to be reviewed. In the example shown in the figure below, a group of auditors from North Rhine-Westphalia would be active for the accounting area or cost accounting area (OrgUnit) 1000. In the 2000 accounting area and the 2000 HR accounting area, a Hessen-based payroll tax auditor group would operate.
Calling RFC function modules
A prerequisite for the indirect assignment of PFCG roles is a well-maintained organisational model. This may correspond to a line organisation consisting of organisational units to which posts are assigned. Use an organisation chart to visualise the employee structure of the company or department for which you are to assign roles. Assign to the posts the people to whom a user is assigned as an attribute. In addition, you can also include other objects from HR organisation management, such as the posts describing the post and assigning roles.
We recommend that you implement all safety instructions of priority very high (1) and high (2) directly. On the other hand, you can implement medium (3) and low (4) security advisories via support packages, which you should also include regularly. If you are unable to insert a support package at the moment, SAP will also provide you with the priority 3 and 4 security advisories. For the evaluation of the security advisories, you should define a monthly security patch process.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
Secure management of access options in the SAP system is essential for any company.
As soon as you transport these eponymous permission profiles into a common target system, the profile will be overwritten by the newly imported profile and inconsistencies will arise.