Permission implementation
Check Profit Centre Permissions in FI
A major advantage of SAP SuccessFactors is flexibility. Different project teams can implement and use several modules, processes or add-ons in a short time. The processes can be optimized again and again. A central basis for extensively digitized processes are structured specifications that regulate system access and control access rights. In this context, SAP offers the concept of role-based authorizations. Role-based SAP authorizations grant different groups of people different options for action and views in the system, e.g., regulate access to salary data. Role-based authorizations are flexible and facilitate global implementations of SAP SuccessFactors, e.g. in different national companies. Once implemented, roles and their authorizations can be quickly rolled out to the new region. The roles do not have to be completely reconfigured each time. Slight adjustments are all that is required.
Optional: S_PATH authorization object: If the test identifies 3 additional permissions checks for individual paths for the S_PATH authorization object, these are checked in the fourth step. The access type and the permission group stored in the SPTH table are checked.
Check and refresh the permission buffer
The ABAP authorization concept protects transactions, programs and services in SAP systems against unauthorized access. Based on the authorization concept, the administrator assigns authorizations to users that determine which actions a user is allowed to perform in the SAP system after logging on to the system and being authenticated.
On the one hand, sensitive company data must not fall into the wrong hands, but on the other hand, they also form an important basis for decisions and strategic company directions. Avoid a scenario of accidentally accessible data or incomplete and thus unusable reports by implementing your SAP BW authorizations properly.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In the case of decentralised maintenance of eligibility roles, i.e. maintenance of roles in different systems or clients, there is a risk that the number sequences for the generation of eligibility profiles overlap.
With the use of UCON you therefore increase the security of your system.