User Information System (SUIM)
Our offer
The S_START boot authorisation check is delivered inactively by SAP. If this test is activated in an AS-ABAP installation (see also SAP Note 1413011), this will affect all clients. Therefore, before you activate, it must be ensured that all affected users in the permission profiles associated with them have the necessary values in the S_START permission fields.
This role is now available for you to assign to users. As a design-time object, you can transport this role via the HANA-owned Transport Service (HALM) or via the SAP Solution Manager with the CTS+ extension. After transport to the target system, this role is activated as a runtime object. You can assign HANA roles via both SAP HANA Studio and SAP Identity Management.
SAP S/4HANA® migration audit
The proposed values in the SU24 transaction are an imperative for the maintenance of PFCG roles, as these values are used when creating PFCG roles. The better these values are maintained, the less effort is required to maintain the PFCG roles (see figure next page). You may ask yourself in which cases it makes sense to adjust the proposed values, since they have such a large impact on the maintenance of roles.
Don't simplify your entitlement concept before you know all the requirements, but first ask yourself what you need to achieve. So first analyse the processes (if possible also technically) and then create a concept. Many of the authorisation concepts we found in customers were not suitable to meet the requirements. Some of these were "grown" permission concepts (i.e., requests were repeatedly added) or purchased permission concepts. Many of these concepts had in common that they had been oversimplified, not simply. A nice example is permission concepts that summarise all organisational levels in value roles or organisational roles. There are few examples, such as the role manager of the industry solution SAP for Defence and Security, in which the result of a value role concept is still useful and appropriate for the user. The assumption that you "sometimes" separate all the authorization objects that contain an organisational level is simple, but not useful. We have not found the simplification that only a user without permissions can definitely not have illegal permissions. However, there was always the case that users had far too many permissions and the system was therefore not compliant.
Authorizations can also be assigned via "Shortcut for SAP systems".
Some useful tips about SAP basis can be found on www.sap-corner.de.
For example, an employee may be authorized to access data for which he or she is not authorized.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Please also refer to our explanations on the involvement of your organisation's co-determination body in the storage and use of the statistical usage data.