Understanding SAP HANA Permissions Tests
Security Automation for HR Authorizations
In Step 2b (Customised Proposal Values), you must manually adjust the entries that you manually changed in the SU24 transaction in the initial release. This will start the SU24 transaction in upgrade mode, and you can step by step through all applications and match the changes. If you have created custom organisational levels (ormits), you must restore them at this point using the PFCG_ORGFIELD_UPGRADE report. The report must be called for each organisational level. Only the organisation levels that you create are displayed through the Value Help. SAP Note 727536 lists questions and answers about the use of customer-specific organisational levels.
Finally, the check logic provides for a row-level check within a table if you want to restrict access to the table contents depending on an organisational mapping. For example, if you want a user to view only the data from a table that affects the country where their work location is located, you must configure it accordingly. To do this, you define and activate organisation-relevant fields as an organisational criterion (see Tip 62, "Organisationally restrict table editing permissions"). To keep track of which users can access which tables, run the SUSR_TABLES_WITH_AUTH report. This report provides information about which user or single role has the S_TABU_DIS or S_TABU_NAM authorization objects. The result list shows all the authorised tables, their permissions, and their permission values.
Testing Permission
Many companies do not pay enough attention to the topic of authorizations in SAP SuccessFactors. It often seems too complex and confusing. Both the creation of a concept and the harmonization of existing structures often seem like a mammoth task. However, with role-based authorizations, SAP provides a very powerful control tool that remains clear with a little help and documentation.
See SAP Note 1763089 for information on the system requirements and support packages you need to access the new feature. With these support packages the transaction SAIS, the new AIS cockpit, is delivered. The AIS has thus been switched from the previous role concept to thematic audit structures and offers new functions, such as logging all audit activities. The AIS has existed in the SAP system for quite a long time; It is designed as a tool for testing and evaluating SAP systems and is delivered by SAP ERP to the standard. It includes the function of audit structures, a collection of audit functions on the areas of commercial audit and system audit, including their documentation. The commercial audit includes organisational overviews and balance sheet and process orientated functions. For example, this allows you to evaluate information about financial accounting and tax receipts. The AIS system audit covers general system audits and analysis of users and permissions. For example, it includes functionality to check profile parameters or transport.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
For a long time, SAP authorization consultants and ABAP developers have disagreed on how to implement authorization object characteristics in the coding.
Last but not least, a well-managed suggestion value maintenance helps you with upgrade work on suggestion values and PFCG roles.