Important components in the authorization concept
Transports
After clicking on this button, you will see the current ZBV status in the area of the same name and can release the selected system from the ZBV via the Run button. ZBV is no longer active for this subsidiary system. To avoid inconsistencies in the user master kits, you must reconcile the users in the daughter system after the ZBV is activated. You can do this in the transaction SCUG and transfer user data from the subsidiary system to the central system. Information on the technical requirements can be found in SAP Note 962457. To disable the ZBV completely, use the RSDELCUA report or the Delete button in the transaction SCUA. With this function you have the possibility to delete either only certain subsidiary systems from the ZBV or the complete ZBV.
On the one hand, sensitive company data must not fall into the wrong hands, but on the other hand, they also form an important basis for decisions and strategic company directions. Avoid a scenario of accidentally accessible data or incomplete and thus unusable reports by implementing your SAP BW authorizations properly.
System Users
For the application identifier (defined in the TBE11 table), see the TPCPROGS table. The organisational unit is evaluated in the context of the application label. In general, this is the accounting area.
In the FIORI environment, there are basically two different types of access via a tile. One is the transactional tiles and the other is the native or analytical tiles :
Authorizations can also be assigned via "Shortcut for SAP systems".
As a result, SAP FI and CO now only appear as the joint module SAP FICO.
The consistency of the default values should therefore be checked beforehand using the SU2X_CHECK_CONSISTENCY report.