Implementing the authorization concept in the FIORI interface
The security check also shows when no redesign is necessary because the authorizations found are compatible with the current concept. The checks allow incorrect authorizations to be identified and rectified without a redesign.
For an up-to-date description of the eligibility tests in the EWA, see SAP Note 863362. Updates to these checks are provided by keeping the ST-SER software component, which contains the definition of checks to be performed, up to date and enabling the automatic content update in the SAP Solution Manager.
Preventing sprawl with the workload monitor
For each form of automated derivative of roles, you should first define an organisational matrix that maps the organisational requirements. To do this, you must provide data on each organisation in a structured form.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
Only adding an authorization object via SU24 does not automatically result in a check within the transaction. The developer has to include an authorization check exactly for this object in the program code.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You can decide whether the text of each folder should consist of the technical name or the short text of the role.
To do this, you must first place the organisational matrix in the customising (transaction SPRO), i.e. you enter the values or value ranges in the Organisation Level Mapping details area for the different organisation fields.