Optimization of SAP licenses by analyzing the activities of your SAP users
Correct settings of the essential parameters
Personally, I'm a big fan of the role-based authorizations in SAP SuccessFactors and I'm glad the system has such extensive capabilities. To review your need for action in this area, I advise you to ask yourself the following questions: Do you know which users get which SAP authorizations and why? Can you explain the concept to your data protection officer? Is it easy for you to introduce a new process because you know how the authorizations work? If you have to answer "no" here (several times), I recommend you to dedicate yourself to the topic. It will make their lives easier in the future. If you need help with this, feel free to contact us!
Since the maintenance effort would be too great if individual authorizations were entered in the user master record, authorizations can be combined into authorization profiles. Changes to access rights take effect for all users who have entered the profile in the master record.
Analyzing the quality of the authorization concept - Part 1
The following sections first describe and classify the individual components of the authorization concept. This is followed by an explanation of which tasks can be automated using the Profile Generator.
There is a special feature for roles if the corresponding SAP system is based on S/4HANA. While under SAP ERP only roles with authorizations for the GUI system were relevant, corresponding business roles are required for the applications under FIORI. In addition to the roles in which authorization objects and authorization values are entered, so-called business roles are also required.
However, if your Identity Management system is currently not available or the approval path is interrupted, you can still assign urgently needed authorizations with "Shortcut for SAP systems".
You must now configure these organisational values in the system as organisational criteria that represent business areas; serve as a bridge between the organisational columns in the tables and the permission field in the authorization object.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
In this blog post, we would like to summarize the context for practical use.