Get an overview of the organisations and their dependencies maintained in the system
SAP license optimization
The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.
We recommend you to transport all these changes. Basically, you should always make changes to organisation levels on your development system and then transport them. If you use multiple clients, you should note that the organisation levels and the proposed permissions are client-independent data, whereas the roles and profiles in question are client-dependent. If you are using more than one client, you must also run the PFCG_ORGFIELD_ROLES report in the other mandates to determine the roles that the new organisation level will contain. With the help of this report, you must then rearrange all the roles listed in the Status column: Orgebene in Role are indicated in red. You can select these roles and then use the Reduce in Roles button to adjust them to the new organisation level.
Authorization concept - recertification process
Personally, I'm a big fan of the role-based authorizations in SAP SuccessFactors and I'm glad the system has such extensive capabilities. To review your need for action in this area, I advise you to ask yourself the following questions: Do you know which users get which SAP authorizations and why? Can you explain the concept to your data protection officer? Is it easy for you to introduce a new process because you know how the authorizations work? If you have to answer "no" here (several times), I recommend you to dedicate yourself to the topic. It will make their lives easier in the future. If you need help with this, feel free to contact us!
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data.