Best Practices Benefit from PFCG Roles Naming Conventions
Application Permissions
Like all other security issues, SAP authorizations must be integrated into the framework used. The risks associated with incorrectly assigned authorizations must be classified as very high. The definition of a holistic governance, risk and compliance management system is required. This ensures that risks are recorded, analyzed, evaluated, coordinated and forwarded within the company at an early stage. Accordingly, the risks arising from incorrectly assigned SAP authorizations or from a lack of a process for monitoring authorizations are also included here.
Authorization object: Authorization objects are groups of authorization fields that control a specific activity. Authorization objects should always be defined in advance with the user group and then relate to a specific action within the system.
Maintain derived roles
In general, we recommend you to use strong encryption mechanisms and to switch most users to an SSO login. You should then delete the hash values of the user passwords as described above. For release-dependent information on SNC client encryption, see SAP Note 1643878.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
The resulting interrelationships can become very complex.