What are SAP authorizations?
Conclusion and outlook
Changes in customizing and various security-relevant changes, such as the maintenance of RFC interfaces, can be viewed via table change logs. This authorization should only be given to an emergency user.
The user's access to this program is realized by assigning a role that contains the required transaction including the authorization objects to be checked. A role can contain a large number of authorization objects.
Your system has inactive users? This is not only a security risk, as they often use an initial password, but also creates unnecessary licence costs. There will always be inactive users in your SAP system. There may be several reasons for this. For example, they may be management level users that are virtually unused because they are not using the ERP system. It could also be that employees no longer use their SAP user due to a change of position or that outsiders do not work on the SAP system for a while. In any case, you should ensure that these inactive users are either blocked or invalidated. Up to now, you had to select all inactive users with the help of the RSUSR200 report and then manually transfer them into the SU10 transaction to perform the blocking. You can now do this automatically.
The general SAP authorizations are used most often and for many things they are sufficient. For example, if only the HR department has access to the SAP HCM system. However, if other users come onto the system and you only want to allow them access to a limited number of personnel, then in the case of the general authorizations you have to deal with the organization key of infotype 1 (VSDK1), which must be hard-coded into the authorization roles. If ESS/MSS or Manager Desktop etc. now come into play, however, this means a large number of authorization roles, namely a separate one for each manager. This makes maintenance and servicing very time-consuming and your authorization concept becomes opaque, which in turn brings the much-quoted auditor onto the scene.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Now the new suggested values for this external service are loaded.
However, if the selection criteria are partially within the valid time period, the documents that are outside the time period will be filtered out by the system without the user receiving a notice.