Organisationally restrict table editing permissions
Coordinate authorisation management in customer-owned programmes
It is best if the persons responsible for the system develop role descriptions with their departments in advance and document them outside SAP SuccessFactors (e.g., as in Fig. 2). In case of queries, they can use this basis to explain exactly why someone has been given a certain authorization. The role descriptions and the report help to work in a DSGVO-compliant manner. Since the report updates automatically, companies have no additional effort to document the changes - one less unloved (and often "forgotten") task.
In IT systems to which different users have access, the authorizations usually differ. How an authorization concept for SAP systems and the new SAP S/4HANA for Group Reporting can look.
Goal of an authorization concept
An overview of the actual relevant information for your system landscape can be obtained from the application System recommendations in the Change Management section of the SAP Solution Manager (transaction SOLMAN_WORKCENTER or SM_WORKCENTER). This application will provide you with a recommendation for the SAP and non-SAP hints to be implemented for the evaluated systems.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
To do this, you must first create meaningful subfolders in the customer's own structure.