Authorization Analysis
Eligibility proposal values
For each area, the connection to other modules is the first priority. For example, for the Controlling division, the connection to the Finance division is first established by connecting the accounting area (FI) to the cost accounting area(s). The assignment of the cost accounting area to the result area is then an internal allocation within the controlling. If no allocations are found for certain valid organisational values, one of the two modules or the relevant functional area shall not be used for the organisational units of the enterprise.
If the changes to your SU24 data have not been detected with step 2a, or if you have imported transports from other system landscapes into your system, you have the option to reset the timestamp tables and start again. To do this, run the SU24_AUTO_REPAIR report in a system that is still at the state of the legacy release so that the modification flag is set correctly (see tip 38, "Use the SU22 and SU24 transactions correctly"). Subsequently, you create a transport and transport your SU24 data to the system, which is at the state of the new release. Now delete your timestamp tables. You can use the report SU25_INITIALIZE_TSTMP. Starting with SAP NetWeaver 7.31, you have the choice to set the reference time stamp from the SU22 data or delete the contents of the time stamp tables. You can then run Step 2a again.
User & Authorization Management with SIVIS as a Service
SAP authorizations are not exclusively an operational issue - they are also essential for risk management and compliance and represent one of the key audit topics for internal auditing and auditors. In most cases, the different rules according to which the risks of SAP authorizations are assessed are problematic.
If your users are allowed to share their own background jobs, you need the JOBACTION = RELE permission to the S_BTCH_JOB object. In this case, you can start all jobs at the desired time. In many cases, background jobs are used for the professional or technical operation of applications; Therefore, we recommend that you schedule these background jobs under a System-Type technical user (see also Tip 6, "Note the impact of user types on password rules"). The advantage of this is that the permissions can be controlled more accurately and you do not run the risk of a job being lost if the user under whom it was scheduled to leave your company once. You can realise the association with a system user by giving the user who plans the job permission for the S_BTCH_NAM object. In the BTCUNAME field, the name of the step user, i.e. the user under whom the job should run, such as MUSTERMANN, is entered.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
If your user is assigned the privilege ROLE ADMIN (either directly or through a role), you can create your own roles and assign them to users.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Since there are many interfaces between the modules, the main organisational fields of the modules must be linked.