Authorization roles (transaction PFCG)
Correct settings of the essential parameters
After you have completed the development of the User-Exit, you still need to transport your validation. To do this, navigate back and highlight the validation you have created. You can now include the objects in a transport order using the Validation > Transport menu path. Finally, you need to activate your validation via the OB28 transaction. Please note that this is only possible for one validation (with several steps if necessary) per booking circle and time. Now your validation will be carried out with additional checks during the document booking via an interface.
In the event that such conflicts nevertheless arise, regular checks should be established as part of an internal control system. Furthermore, the authorization concept includes content such as the integration of the data owner, security-relevant system settings, specifications for maintaining authorization default values (transaction SU24) and documentation requirements.
User Information System SUIM
The goal is for SAP SuccessFactors users to maintain an overview of roles and authorizations in the system. Analysis and reporting tools help to achieve this. At ABS Team, we use our own combination of an SAP SuccessFactors solution and external documentation for this purpose. As the first graphic shows, our approach is built on a delta concept: all SAP authorizations and processes function independently of each other.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
In addition, there is the challenge of limiting access to the audited financial years.