A concept for SAP authorizations prevents system errors and DSGVO violations
Set Configuration Validation
The Permissions check continues again if the table in question is a client-independent table. This is done by checking the S_TABU_CLI authorization object, which decides on maintenance permissions for client-independent tables. For example, the T000 table is a table that is independent of the client and would be validated. To enable a user to maintain this table by using the SM30 transaction, you must maintain the S_TABU_CLI authorization object, in addition to the table permission group or specific table, as follows: CLIIDMAINT: X.
In SAP systems you always have the possibility to integrate custom developments. In such extensions or your own programmes, you must implement permission checks and may also create your own authorization objects. You can also supplement authorisation checks in standard transactions if the existing checks do not cover your requirements.
Query Data from Active Directory
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a DSGVO violation and lead to a fine for the company.
Standard users such as SAP* or DDIC should also be implemented correctly in accordance with the authorization concept or SAP's recommendations. An important preparatory action here is to check whether the passwords have been changed for all standard users.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
On www.sap-corner.de you will also find useful information about SAP basis.
You can also run SU53 for other users by clicking on Authorization Values > Other Users in the menu and entering the corresponding SAP user name.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Here, it must be described how users obtain existing SAP authorizations, how new users are integrated into the SAP system, and who is responsible for approving authorizations.