Perform upgrade rework for Y landscapes permission proposal values
SAP Note 1854561 provides a new possible value for the auth/authorisation_trace parameter: F (Trace enabled with filter). Allows you to limit the permission trace to values that can be set by the filter. The filters are defined in the STUSOBTRACE transaction (see SAP Note 1847663).
Sometimes implementation consultants are also confronted with the situation that no authorization concept exists at all. This happens, for example, when changes in SAP SuccessFactors responsibilities occur on the customer side or different implementation partners were active in the past. However, a missing concept can lead to errors in the system. Users cannot perform certain actions, or worse, people see sensitive data that they should not see. This can, in the worst case, constitute a DSGVO violation and lead to a fine for the company.
Challenges in authorization management
If you still have problems with the performance of the evaluation, despite the regular archiving and indexing of the modification documents of your user and permission management, this is probably due to the amount of central change documents. In this case, you also need an archiving concept for other key change document data. SAPHinweis 1257133 describes the procedure for creating such a concept.
With these methods, we not only help you with the implementation. You can also maintain and manage the solutions yourself afterwards, or you can trust us to run them for you: We call this Customer Success.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
In SAP systems you always have the possibility to integrate custom developments.
The four important concepts of SAP security first require a certain amount of effort.