Transactional and Native or Analytical Tiles in the FIORI Environment
SAP S/4HANA: Analysis and simple adjustment of your authorizations
Configuration validation uses the CCDB's configuration data to reconcile settings. To do this, you define your customer-specific security settings technically in a target system. This contains the specifications for the configuration of SAP systems. You can also define a target system based on the settings of an existing system and adapt it to your requirements. Then you compare the settings of your SAP systems with this target system on a daily basis and get an overview of the deviations. Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings. You then start the comparison with a target system for the relevant systems. Alternatively, you can compare to an actual system; For example, this is a useful function in the context of a roll-out.
In the IT sector, we have to face new challenges every day. New technologies require us to act accordingly in order to always keep the current system landscape up to date, to strengthen our position on the market and, of course, to gain a technological edge over other competitors. This is also reflected in the corresponding SAP system landscape. Read in the two-part blog series why an authorization concept should be considered as early as possible in a project phase - especially when converting to SAP S/4HANA.
Create permissions for customising
Running the system trace for permissions gradually for each application server is tedious. We will show you how to record permission checks on multiple servers at the same time. If you want to use the System Trace for permissions in a system with multiple application servers, you should note that the Trace can only log and evaluate data per application server at any time. Therefore, if a permission error occurs, permission administrators must first check which application server the user is logged on to with the permission issue and then start the trace on that application server. We give you a guide to record permissions checks on certain application servers, but we also show you a way to use this feature centrally.
You can't keep an eye on everything. Therefore, avoid that your colleagues do not assign users to a user group, and thus ensure that the user master data maintenance permissions check is correct. You do not want a user without a user group to be able to be created in your SAP systems? Users without a user group can be changed by all administrators with permission for any user group. You should also prevent incomplete permission checks when assigning roles and profiles to users without a permission group. Because it is possible to assign roles and permissions to a user first, and then assign a user group that does not have permission to assign roles and profiles. Finally, do you want to change the user group for an existing user without having permission for the new user group? In the following section we will show you how to secure your user master data maintenance.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The wording should not be too general, but should explicitly address the special features of programming in SAP.
Unfortunately, not all fields that you need as an organisation level are laid down in the standard as such, such as the cost centre.