Security Automation for HR Authorizations
In-house role maintenance
For an authorization concept, a clear goal must be defined that is to be achieved with the help of the concept. This should list which regulatory requirements the respective system and the associated authorization concept must take into account. In this way, the legal framework is defined, which is a legal necessity for successful implementation.
Call the SIMGH transaction and create your own IMG structure, such as company name Customising. You will then add node outline to this tree. Often it makes sense to break down into SAP components such as finance, controlling and sales. Now add the tree as your favourite to make it easier to find it quickly. Then call the transaction S_IMG_EXTENSION and look for the IMG structure SAP Customising Introduction Guide. This is the default IMG structure in which you must include your structure. To expand, you must specify an extension ID. If there is no extension, you must create an extension ID. Position the cursor under My Favourites on the entry SAP Customising Intro Guide, and then click the Expand Structure button.
Authorization tools - advantages and limitations
A new transaction has been added to evaluate the system trace only for permission checks, which you can call STAUTHTRACE using the transaction and insert via the respective support package named in SAP Note 1603756. This is a short-term trace that can only be used as a permission trace on the current application server and clients. In the basic functions, it is identical to the system trace in transaction ST01; Unlike the system trace, however, only permission checks can be recorded and evaluated here.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Therefore, particular care should be taken in the dedicated award of this entitlement.