User & Authorization Management with SIVIS as a Service
Get an overview of the organisations and their dependencies maintained in the system
You can set up a nightly background job to match the certificates with your customer's own programme. This requires that the certificates can be obtained through an SAP programme.
In the transaction SU01, enter a non-existent user ID and click the Create button (F8). The BAdI BADI_IDENTITY_SU01_CREATE is called with the new user ID. Implementation in the BAdI is running. For example, here you can read additional attributes to the new user from an external data source. The data collected within the BAdIs is written into the fields of the transaction SU01. This will show you the new user master set with the pre-filled fields. You can edit the user master record, such as assign roles, or change the pre-populated fields.
Grant permission for external services from SAP CRM
If a release change occurs, the adjustment of permissions is also required as a rework. You will have already learned that this task can be very complex. Many innovations make this work easier and make the whole process more transparent. In the event of a release change, not only new applications are often added, but also new or modified authorization objects, permission checks, and, as a result, modified suggestion values. With the SU25 transaction, you can update the suggestion values step by step and then update all the affected roles. So far, however, the transaction has been a kind of black box for you. You have performed each step without seeing how your suggestion values or roles have changed. We will now show you how to use the new features of the SAP NetWeaver Application Server ABAP to increase transparency in upgrading suggestion values and mixing PFCG roles.
Like all other security issues, SAP authorizations must be integrated into the framework used. The risks associated with incorrectly assigned authorizations must be classified as very high. The definition of a holistic governance, risk and compliance management system is required. This ensures that risks are recorded, analyzed, evaluated, coordinated and forwarded within the company at an early stage. Accordingly, the risks arising from incorrectly assigned SAP authorizations or from a lack of a process for monitoring authorizations are also included here.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Documents: The documents in the audit structure describe the audit steps.
If the concept can no longer be implemented in a meaningful way, or if it has already been set up incorrectly, it will be necessary to create a new one.