Making the RESPAREA responsibility the organisational level
SAP Security Concepts
SOS reports can be very comprehensive. In particular, if the Whitelists are not yet maintained, reporting volumes of up to 200 pages are not uncommon. Do not be discouraged in such a case, but start by cleaning up a manageable amount of critical SOS results. You can then edit the further results in several rounds. The AGS recommends which critical SOS results you should consider first; You can find these in the AGS Security Services Master slide set in the SAP Service Marketplace Media Library.
In a redesign, we follow the principle of job-related workstation roles to technically map the job profile of the employees. To minimize the effort for the same job profiles with different organizational affiliations, the organizational units are inherited via an additional role. The separation of technical and organizational requirements greatly simplifies role development and modification. If certain people, such as team leaders, require extended authorizations, key user roles are developed for them, which extend the existing job role.
User administration (transaction SU01)
As a role developer, you can now select the specific application in the PFCG transaction from the list of web dynpro applications published by the software developers on the Menu tab and enter it in the Role menu. To generate the role profile, switch to the Permissions tab. There you can check the concrete value expressions of the S_START permission fields and, if necessary, the additional relevant authorization objects for this Web application and supplement them if necessary. Finally, you must generate the role profile as usual.
During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
If transactions are changed in the role menu of a single role, this option is automatically suggested to the operator.