Which challenges cannot be solved with authorization tools alone?
SIVIS as a Service
Increasingly, it is possible to make use of automation in the security environment. Although these are not yet used by many companies, they are the next step in digital transformation. By using automation intelligently, companies can free up resources for the innovation topics that really matter. In the future, we can expect both the number and power of automation tools to increase. It is therefore only a matter of time before SAP itself also delivers optimized support in the form of tools as standard.
If you want to understand how to run a permission check in your code, you can use the debugger to move through the permission check step by step. To implement your own permission checks, it may be helpful to see how such checks have been implemented in the SAP standard. In this tip, we show you how to view the source code of permission checks using the debugger in the programme, or how to get to the code locations where the permission checks are implemented.
Analysis and reporting tool for SAP SuccessFactors ensures order and overview
You want to create a permission concept for applications that use SAP HANA? Find out what you should consider in terms of technical basics and tools. As described in Tip 22, "Application Solutions for User Management in SAP HANA", there are different application scenarios where the permission assignment on the HANA database is required.
Then you create a subroutine with the same name as the User-Exit definition and programme your customised checks (for example, for specific data constellations or permissions). Include the exit definition (UGALI) via the GGB0 transaction. You will need to call this transaction again to read the programmed exit and select it.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
You're probably familiar with this.
If the role assignment of the ZBV in the SCUM transaction is set to global, it is sufficient if the correction is recorded in the central client.