Customizing
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
In the SU22 transaction, the developers of an application maintain the proposed values for all required authorization objects; the authorisation trace helps in this. As described in SAP Note 543164, the dynamic profile parameter auth/authorisation_trace of the trace is set to Y (active) or F (active with filter). By inserting the SAP Notes 1854561 or the relevant support package from SAP Note 1847663, it is possible to define a filter for this trace via the STUSOBTRACE transaction, which you can restrict by the type of application, authorization objects, or user criteria.
If you use configuration validation, we still recommend that you use the AGS Security Services, such as the EarlyWatch Alerts and SAP Security Optimisation Services, which we describe in Tip 93, "AGS Security Services." SAP keeps the specifications and recommendations in the AGS Security Services up to date and adapts them to new attack methods and security specifications. If you have identified new security issues within a security service, you can set your target systems accordingly and monitor these aspects in the future.
Use AGS Security Services
Numbers/reminders: The payment and/or collection procedure shall be managed solely on the basis of information from the collection perspective (in particular Table BSEG). For customer and vendor transactions, the Profit Centre is not included in the SAP journal masks by default, and is therefore not available on the appropriate BSEG document lines. Since numbers and warnings are usually centrally controlled processes, this should not be a problem in practice.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Authorizations in SAP SuccessFactors: How companies keep track and act DSGVO compliant even with multiple implementations & responsible parties.