Define a user group as mandatory field in the user root
In IT systems to which different users have access, the authorizations usually differ. How an authorization concept for SAP systems and the new SAP S/4HANA for Group Reporting can look.
In addition, authorization concepts ensure that employees do not create beautiful balances and thus cause damage to stakeholders and tax authorities. Misuse of SAP authorizations becomes more difficult and the company is thus protected from significant financial damage as well as reputational damage.
Map roles through organisational management
The best way for companies to combat historically grown uncontrolled growth in authorizations is to prevent it. An analysis of whether the current authorization concept is sufficient for the company helps here.
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
In addition to SAP book recommendations on SAP authorizations, I can also recommend the books from Espresso Tutorials such as "SAP Authorizations for Users and Beginners" by Andreas Prieß * or also the video tutorial "SAP Authorizations Basics - Techniques and Best Practices for More Security in SAP" by Tobias Harmes.
SAP Note 1711620 provides the functionality of an SAP_NEW role that replaces the SAP_NEW profile.