Note the maintenance status of permissions in roles and their impact
Assignment of critical authorizations and handling of critical users
In order for these FIORI apps/tiles and groups to be displayed, the corresponding authorizations must be made on the basis of a group and catalog assignment. These are assigned via specific groups, which in addition to the normal authorizations (such as create, change, display cost centers) also assign access to the appropriate FIORI Apps.
In many SAP environments, there are historically grown authorization structures that cause unnecessary security gaps. These should be examined closely.
Architecture of authorization concepts
Roles can be cut so that, for example, they only have display or change permissions. Furthermore, it could be differentiated between customising, master data and movement data maintenance.
With apm Suite, you can put together your individual GRC/SOX-compliant solution for SAP authorizations as needed. This is helpful, for example, to optimally manage SAP roles, for the determination of critical rights, the SAP user application, the auditing of emergency users or the password self service. With apm Suite you will never lose track of your compliance in SAP authorization management.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
You may need to ask the developer of the application for navigation information.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
Custom tables, or SAP standard tables that you want to protect in particular, belong to separate, if applicable, customer-specific table permission groups.