Excursus Special feature for authorizations for FIORI Apps under S/4HANA
Using suggestion values and how to upgrade
Once the programme implementation and documentation have been completed, a functional test will always follow. A corresponding eligibility test should not be forgotten. The permission test must include both a positive and a negative permission test.
Configuration validation uses the CCDB's configuration data to reconcile settings. To do this, you define your customer-specific security settings technically in a target system. This contains the specifications for the configuration of SAP systems. You can also define a target system based on the settings of an existing system and adapt it to your requirements. Then you compare the settings of your SAP systems with this target system on a daily basis and get an overview of the deviations. Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings. You then start the comparison with a target system for the relevant systems. Alternatively, you can compare to an actual system; For example, this is a useful function in the context of a roll-out.
PROGRAM START IN BATCH
Two other very important settings are the activation of the security audit log and the table logging. Both parameters must be activated in order to ensure traceability at the user level as well as at the table level. It should therefore be checked whether the detailed settings for the security audit log are set up in accordance with the company's specifications and, in any case, whether all users with comprehensive authorizations, such as SAP_ALL, are fully covered by the logging without exception.
However, if a company does not have a concept for introducing new SAP authorizations and these are always coupled with new roles, the roles and authorizations will continue to grow. New modules, new processes and new user groups very quickly lead to many authorization groups, numerous authorization roles and complex documentation - even assuming the ideal case that companies have used Excel, for example, for all previous implementations and enhancements and have kept the documentation up to date. What is the purpose of a role? Which user has which authorization? Due to the amount of roles and authorizations, it quickly becomes confusing for users. System performance also suffers as the amount of data increases.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You have an organizational structure that includes 4 hierarchical levels - authority, department, unit, functional area).
If the entry is empty, the user is present in the SAPS system.