How to analyze roles and authorizations in the SAP system
Implementing the authorization concept in the FIORI interface
The best way for companies to combat historically grown uncontrolled growth in authorizations is to prevent it. An analysis of whether the current authorization concept is sufficient for the company helps here.
Database Schema Privileges permissions: Schema Privileges are SQL object permissions that control access to and modification of a (database) schema, including the objects contained in that schema. A user who has an Object Privilege for a schema also has the same Object Privilege for all objects in that schema.
SAP Security Concepts
The handling of organisational levels in PFCG roles wants to be learned. If these are maintained manually, problems arise when deriving rolls. We will show you how to correct the fields in question. Manually maintained organisational levels (orgons) in PFCG roles cannot be maintained via the Origen button. These organisational levels prevent the inheritance concept from being implemented correctly. You can see that organisational levels have been maintained manually when you enter values via the Ormits button, but the changes are not applied to the authorization object.
You can assign a Table or Care View to a table through the SE11 transaction or SE54 transaction. This mapping is defined as a customising setting and therefore remains in place after a release change. You can assign a table to a table permission group by using the SE11 transaction by selecting your table in the start image and pressing the Display button.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
A text file is now created under the appropriate path, containing the desired format with the input parameters.
If you want to set the table logger check for multiple tables, you should note that the principles for changing Dictionary objects apply, i.e. you will generate increased system loads in running systems.