SAP S/4HANA: Analysis and simple adjustment of your authorizations
Compare Role Upgrade Permissions Values
If you want to set up a new client or take over the movement data of the productive system in a development system, you should also consider the modification documents. If you have a client copy, you should first delete the indexing of the change documents (table SUIM_CHG_IDX), since you can restore the indexing after the copy. To do this, use the SUIM_CTRL_CHG_IDX report without selecting a date and check the Reset Index box. After the copy has been made, delete the change documents that are dependent on the client; This also applies to the client-independent change documents (e.g., proposed permissions, table logs) if you have copied the client to a new system. In addition, you should remove the shadow database alterations before copying the client and complete the index build after the copy. In any case, check the Reset Index box in the SUIM_CTRL_CHG_IDX report!
Permissions must be maintained in every SAP system - a task that becomes more difficult the more complex the system landscapes and the greater the number of users. Especially in growing system landscapes, once defined concepts no longer fit the current requirements or the processes in role and authorisation management become more and more complex and cumbersome over time.
Limitations of authorization tools
The other fields in the SMEN_BUFFC table describe the structure of the favourites, where the OBJECT_ID field is the unique key of the favourite entry. In the PARENT_ID field, you will find the parent item's object ID, and the MENU_LEVEL field describes the level of the entry in the favourite folder structure. You can read the order in which the favourite entries are sorted from the SORT_ORDER field.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Worse is the case that someone has too many permissions, i.e. the type: "User xy should not have this permission anymore" (CASE2).