SAP Authorizations User Management - NW Admin

Direkt zum Seiteninhalt
User Management
Copy the user from the Clipboard to the Transaction SU10 selection
You can also remove customer-specific organisational levels and convert them to a simple permission field. The report PFCG_ORGFIELD_DELETE serves for this purpose. It removes the permission field from the USORG table and changes the permission proposal values to that field. Finally, it goes through all the rolls that contain a shape to the field. However, it does not restore the old location of the field, because summarised values will no longer be separated when the field is elevated to the organisational level. Instead, the aggregated values are entered separately in each field. The PFCG_ORGFIELD_DELETE report also provides a value aid that shows only the customer's organisational levels. You can also use this value aid to determine all customer-specific organisational levels.

You would like to revise your authorisation concept and tailor SAP roles only to the productive processes. We show you how to use the statistical usage data from the Workload Monitor for the SAP role definition. One of the biggest effort drivers in redesigning SAP role concepts is the definition of transactional expression of SAP roles. By using the statistical usage data from the workload monitor, you can avoid costly coordination with process managers in the sense of a Green Field Approach. In this way, you can tailor your SAP role concepts to the content of the usage behaviour. The only requirement is that the data be available for a representative period. This is two months in the SAP standard; You can also extend this time period. Below we describe how you can use the statistical usage data from the Workload Monitor for the SAP role definition.
Use usage data for role definition
Authorizations in SAP systems form the basis for Identity & Access Management. They enable users to access the applications they need to perform their activities. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked. This is the only way to ensure that processes are mapped securely and completely correctly from a technical point of view.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.


A mass rolling out of rolls is a very useful thing. It is also possible to use Excel-based data - as in the case of the outlined application case with eCATT - because it is a one-time action for the roles considered and SAP standard programmes are used in the background. However, ongoing maintenance of the permissions system, with continuous changes to roles and their detail permissions, requires the mapping of much more complex operations. An exclusive control over Office programmes should be well considered. This does not mean, of course, that there are not very good partner products for the care of roles. Simply verify that SAP standard procedures are used and that authorisation is managed in accordance with SAP best practices.

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

Many of these concepts had in common that they had been oversimplified, not simply.

Although a user has been assigned a role with the correct permission data, this user is presented with a permission error due to missing permissions.
NW BASIS
Zurück zum Seiteninhalt