Automatically pre-document user master data
Authorizations
In addition, authorization concepts ensure that employees do not create beautiful balances and thus cause damage to stakeholders and tax authorities. Misuse of SAP authorizations becomes more difficult and the company is thus protected from significant financial damage as well as reputational damage.
This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure. This ensures the quality of authorizations in the long term. Authorizations in SAP systems enable users to access the applications relevant to their activities. To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.
RSUSR003
Identify the personnel master record associated with the user ID that you are creating in the SU01 transaction. To do this, search within the personnel data for a personnel number that entered this user ID in the System User Name SAP System (0001) subtype of the Communication (0105) info type. Subsequently, fill in the fields of transaction SU01 with the data from the personnel master record.
The direct consequences are overauthorized users, a lack of overview and dangerous security gaps. In order to get the system back on track in the long term, a redesign is usually the most efficient solution. Depending on the requirements and project framework, we also rely on proven software solutions from our partners.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
All change documents are indexed (this can lead to a very long run time when the report is first run).
You can also find some useful tips from practice on the subject of SAP authorizations on the page www.sap-corner.de.
How to maintain security policies and map them to your users is described in Tip 5, "Defining User Security Policy." You need a separate security policy for administrators to implement this tip, which is often useful for other reasons.