Ensuring secure administration
Extend permission checks for documents in FI
Furthermore, automation is possible with the help of a customer-specific ABAP programme. To do this, you should take a closer look at the AGR_TEXTS table. The table contains the different text blocks in different languages. Here we show you a section of the table with our example role Z_SE63. Short texts are assigned a value of 00000 in the column LINE, and long texts are assigned a value of 00001 to 0000x. The language keys are displayed in the SPRAS column. An ABAP programme now allows you to write the counterparts for the text fields in the target language into the fields in the tables.
The logging takes place in both the central system and the subsidiary systems. If the change documents are to be read for the attached subsidiary systems, the subsidiary systems must also be at the release and support package status specified in SAP Note 1902038. In addition, RFC users in their daughter systems need permission to read the change documents using the S_USER_SYS authorization object with the new activity 08 (Read the change document).
Features of the SAP authorization concept
Do you have considerable care effort due to additional roles that you cannot deduce? Create a new organisational level to solve your problems. In the SAP system, you can create derived roles for specific fields in authorization objects. This is possible only if these fields are organisation levels. Unfortunately, not all fields that you need as an organisation level are laid down in the standard as such, such as the cost centre. It may also be that you only use one sales organisation in your company and would therefore like to define the sales office. So there are several reasons why you want to define a field as an organisational level. We will explain how this works and what you need to consider.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a DSGVO violation and lead to a fine for the company.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
In compliance with the minimum principle and the separation of functions, the roles used must be defined, along with specifications for their naming, structure and use.
This makes it possible to run Step 2a separately for software components installed afterwards.