A complicated role construct
SIVIS as a Service
What roles does my user have (SU01)? We start with a simple question: which roles are actually assigned to your SAP user? With the transaction SU01 you can view your (or other) SAP user. Among a lot of other information, you can find the assigned single and composite roles on the "Roles" tab.
Over the course of time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Not uncommon are subsequent requirements from the area of compliance (SOX or similar) or the increased need for protection.
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Authorization trace - Transaction: STUSOBTRACE - Transaction STUSOBTRACE is used to evaluate the authorization trace in the SAP system. This is a trace that collects authorization data over a longer period of time in several clients and user-independently and stores it in a database (table USOB_AUTHVALTRC).
For this very reason, there is a solution to automate the checking of authorizations with regard to critical authorizations and segregation of duties by means of tool support. This gives the authorization administrators more time to correct any errors that occur instead of having to search for them first.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
On www.sap-corner.de you will also find useful information about SAP basis.
The security of business data depends directly on the authorizations assigned.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
The risk of incorrectly assigned developer authorizations has also increased due to the elimination of additional protection via developer and object keys in S/4 HANA systems (see, among other things, SAP Note 2309060).