Permission implementation
Extend permission checks for documents in FI
Secure management of access options in the SAP system is essential for any company. This makes it all the more important to analyze and improve the authorizations assigned. This step serves as optimal preparation for your S/4 HANA migration. Managed Services supports central and efficient administration to ensure an optimal overview. In order to sustainably improve your processes, a database provides information on possible optimizations for SAP licenses.
From the result of the statistical usage data, you can see which transactions (ENTRY_ID) were used, how often (COUNTER), and how many different users. There are various indications from this information. For example, transactions that were used only once by a user within 12 months could indicate a very privileged user, or inadvertently invoking a transaction for which a user has permissions. The future assignment of such transactions in the SAP role concept should then be critically questioned. In contrast, you should consider transactions with a high level of usage and a large user circle (e.g. with more than ten users) in an SAP role concept.
Conclusion and outlook
Logs: Protocols exist for all audits performed. This allows you to review the history of the audit results at a later stage or to view only the results of the last audit. To do this, use the protocol evaluation of the AIS in the transaction SAIS_LOG or click the button in the transaction SAIS.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
This very critical authorization can be used to electronically erase, or manipulate program runs including authorization queries in a variety of ways.