Security within the development system
Use usage data for role definition
Structural authorizations work with SAP HCM Organizational Management and define who can be seen, but not what can be seen. This is done based on evaluation paths in the org tree. Structural authorizations should therefore only be used together with general authorizations. Just like the general authorizations in SAP ECC HR, they enable regulated access to data in time-dependent structures. An authorization profile is used to determine the authorization. In addition, it is defined how the search is carried out on the org tree.
This solution is only available with a support package starting with SAP NetWeaver AS ABAP 7.31 and requires a kernel patch. For details on the relevant support packages, see SAP Note 1750161. In addition, the SAP Cryptographic Library must be installed; but this is ensured by the required kernel patch. Only if you have manually made a different configuration, you must check this requirement.
Reference User
As in other systems, user maintenance and role/profile assignment must be restricted to the group of user administrators. In contrast to the previous systems, however, roles and profiles are maintained here, so that appropriate rights must be assigned to the role/profile administrators.
Various activities, such as changes to content or the assignment of roles, are made traceable via change documents. This authorization should only be assigned to an emergency user.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The definition of a holistic governance, risk and compliance management system is required.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
The system determines the organizational levels that match for the user and the object being processed.