Maintain proposed values using trace evaluations
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
As a role developer, you can now select the specific application in the PFCG transaction from the list of web dynpro applications published by the software developers on the Menu tab and enter it in the Role menu. To generate the role profile, switch to the Permissions tab. There you can check the concrete value expressions of the S_START permission fields and, if necessary, the additional relevant authorization objects for this Web application and supplement them if necessary. Finally, you must generate the role profile as usual.
For the application identifier (defined in the TBE11 table), see the TPCPROGS table. The organisational unit is evaluated in the context of the application label. In general, this is the accounting area.
Audit Information System Cockpit
If you have a Central User Administration (ZBV) in use, there are certain dependencies between the base release of your ZBV and the base release of the subsidiary systems. Check the compatibility of your systems before setting the login/password_downwards_ compatibility profile parameter. For details on the technical dependencies between releases, see SAP Note 1458262.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
The user administration process, i.e. user creation, modification and deactivation, should on the one hand be available in written documented form, either as a separate document or as part of the authorization concept documented in writing, and on the other hand also be carried out in accordance with the documentation. Therefore, a reconciliation should be performed on two levels: on the one hand, it should be ensured that the documentation is up to date and, on the other hand, it should be checked whether the process was also followed in the fiscal year to be audited. Possible deviations should already be prepared argumentatively, special cases can always occur that deviate from the actual process. However, these should be documented in a comprehensible manner so that an external auditor, such as the auditor's IT auditor, can check the plausibility. All documentation should be provided with the essential information (creator, date, version, etc.) and be in a format that cannot be changed (usually PDF). Additional documentation can also be output from the ticket system, provided that the process is consistently documented via the ticket system.
Authorizations can also be assigned via "Shortcut for SAP systems".
You can do this for each intermediate release individually.
For users for which no user type has been defined in the ZBV, either the default user type of the subsidiary system or the user type defined by the local measurement programme (transaction USMM) run is reported in the Contractual User Type column.