Making the RESPAREA responsibility the organisational level
Analysis and reporting tool for SAP SuccessFactors ensures order and overview
If you do not see the Expert Mode button for step 2 in the SU25 transaction, check whether you can call the expert mode from the SU24 transaction by clicking the Sample Value Match button. In this view, it is possible to select the proposed values to be matched by specific selections, so that not all proposed values are used for matching. In the first selection, you can choose the data to take. You can select here whether only SAP standard applications or customer or partner applications should be considered. You can still limit the selection by type of application, package, or component shortcut in the Other Constraints pane. In the Application Search pane, you can also limit the SU22 data to an upload file, transport jobs, or role menus.
First of all, represent your organisation. Map the business processes (if necessary only at the generic level of applications such as MM or CO) across the organisation. On this basis, determine which organisational characteristics (organisational levels, but also cost centres, organisational units, etc.) represent which parts of the organisation. Define (if necessary, only in detail in accounting, otherwise at the level of applications) which functions must necessarily remain separate. If you have a running system, evaluate the use of the last 13 months (see Tip 26, "Use usage data for role definition"). If you are setting up a new system, make sure that processes are always documented down to the level of transactions. In such a case, it is also best to collect the business risks directly in the process description.
Analyzing the quality of the authorization concept - Part 1
There are extensive revision requirements for password rules. Learn how to define these requirements globally, which special characters are accepted by the SAP standard, and how to set the parameters for generated passwords. Do you not want to use SAP's standard password creation rules, but rather make your own password requirements for your users? Do you need to implement internal or external security requirements, such as audit requirements? Do you want to disallow certain words as passwords, exclude certain special characters, or change the formats of passwords generated by the SAP system? In the following we give you an overview of the possible characters, the existing profile parameters and the customising settings for passwords.
To do this, first define what information should be checked. In the SU20 transaction, check whether the required fields already exist as permission fields. If you want to check custom fields, you must create your own permission fields in the transaction SU20. Please pay particular attention to the (F4) help provided. When defining customised permission fields, you assign a name in the Field Name field that is in your customer namespace and assign the corresponding data element and, if desired, a table name for a value help. The next step is to create your own authorization object and assign your permission fields and, if necessary, default permission fields. If you use the ACTVT field to validate the activity, you must use the Activities allowed button to select the activities that you want to validate from the source code of your programme. For recommendations on the naming conventions for authorization objects, see SAP Note 395083.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
Another important authorization object for background processing is the object S_BTCH_NAM, which allows a user to run the steps of a job under another user (see SM36 -> Edit step).
There are several scenarios in which it becomes interesting to translate the texts of permission roles, for example, if your company is acting internationally.