Authorization roles (transaction PFCG)
ACCESS CONTROL | AUTHORIZATION MANAGEMENT FOR SAP®
In order to get an overview of the organisations and their structure, we recommend that you call the Org-Copier (in read mode!) for the various organisational fields via the transactions EC01 to EC15. The customising in the SPRO transaction allows you to define the organisation fields and their respective assignment in the corporate structure area.
It is best if the persons responsible for the system develop role descriptions with their departments in advance and document them outside SAP SuccessFactors (e.g., as in Fig. 2). In case of queries, they can use this basis to explain exactly why someone has been given a certain authorization. The role descriptions and the report help to work in a DSGVO-compliant manner. Since the report updates automatically, companies have no additional effort to document the changes - one less unloved (and often "forgotten") task.
Statistical data of other users
Developer and customizing authorizations represent a great potential danger in productive SAP systems. Here, authorizations must be assigned very restrictively, e.g. only to emergency users. The same applies to RFC connections from a development system to productive systems. Such connections can only be used to a very limited extent.
Authorizations in SAP systems form the basis for Identity & Access Management. They enable users to access the applications they need to perform their activities. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked. This is the only way to ensure that processes are mapped securely and completely correctly from a technical point of view.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Do the same for all other authorization objects.
You can do this by clicking on the report PRGN_COMPRESS_TIMES.