SAP Authorizations - Overview HCM Authorization Concepts
SAP S/4HANA: Analysis and simple adjustment of your authorizations
For an authorization concept, a clear goal must first be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective SAP system must fulfill and the associated authorization concept must take into account. In this way, the legal framework conditions are defined. In addition, uniform naming conventions should be used because, on the one hand, many things cannot be changed after the initial naming and, on the other hand, this ensures searchability in the SAP system. Clearly defined responsibilities ensure the effectiveness of a concept. Specific persons must be named or at least roles defined in a separate section. A chapter should be dedicated to the process for user management. Here, it must be described how users obtain existing SAP authorizations, how new users are integrated into the SAP system, and who is responsible for approving authorizations. The chapter on the process for authorization management defines who is allowed to create and edit which roles and who is responsible for the development of various related processes. The chapter on special authorizations describes processes and special features in the area of non-dialog operations. These include job management and interface convention. Other administrative authorizations can also be described. The chapter on role concept explains how business requirements are transferred to a technical role. The role concept takes on a special significance, since it describes the actual mapping of business roles to the technical roles and thus to the authorizations in SAP.
When pasting permission field values from the Clipboard, the values are added to the existing entries. You must also separate the value intervals when inserting with the help of the tab stop. If permissions for the individual values do not exist for maintenance, they are rejected, i.e. not taken over. The Insert function from the Clipboard is also available in the dialogue box for maintaining the organisation levels. The Copy to Clipboard and Paste from Clipboard functions are not available if you maintain field values that allow only the selection of fixed values. For example, this is the case in the Activity field.
Check current situation
There are many advantages to using an authorization tool for companies. These include: - Managing authorization requests - Distributing and assigning authorizations - Auditing authorizations - Developing authorizations. With the help of authorization tools, it is possible, for example, to drastically reduce the effort required for role creation and authorization management through concrete assignment of SAP system roles.
After clicking on this button, you will see the current ZBV status in the area of the same name and can release the selected system from the ZBV via the Run button. ZBV is no longer active for this subsidiary system. To avoid inconsistencies in the user master kits, you must reconcile the users in the daughter system after the ZBV is activated. You can do this in the transaction SCUG and transfer user data from the subsidiary system to the central system. Information on the technical requirements can be found in SAP Note 962457. To disable the ZBV completely, use the RSDELCUA report or the Delete button in the transaction SCUA. With this function you have the possibility to delete either only certain subsidiary systems from the ZBV or the complete ZBV.
Authorizations can also be assigned via "Shortcut for SAP systems".
In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
The AIS has thus been switched from the previous role concept to thematic audit structures and offers new functions, such as logging all audit activities.