Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Controlling file access permissions
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
When copying the values to the Clipboard, note that only those values that you have previously marked will be copied to the Clipboard. The value intervals that can be maintained in the permission field values are separated by a tab stop, which is stored on the Clipboard.
Reset Manually Maintained Organisation Levels to Roles
The test for the assignment of the SAP_ALL profile is carried out in the SOS differently than in the EWA: If a user is found, assigned to SAP_ALL, and you have not entered it in the corresponding whitelist, it will still be hidden in the subsequent permission checks. Identified users will be output either through a complete list or through examples of specific users. In both cases, you can download the full list in the SAP Solution Manager's ST14 transaction. You can use the Check ID to map user lists to the permission checks. However, you should note that these lists do not contain the evaluations of the whitelists.
Do you want to keep track of what changes have been made to the Central User Management configuration or the distribution parameters for the User Master's Care? You can manage the change documents centrally. The Central User Administration (ZBV) is used to create users, assign roles and distribute them to the respective subsidiary systems. For this, the ZBV has to be configured initially. These include defining the ZBV landscape, i.e. defining the central system and subsidiary systems, adjusting the distribution parameters and transferring users from the subsidiary systems to the central system. You can also configure the ZBV afterwards. For example, you can add subsidiary systems or release them from the ZBV. In the transaction, you can modify SCUM to change the field allocation properties so that fields that were originally globally distributed across the ZBVs are also locally maintainable. All this information about the changes to the ZBV configuration has not been centrally logged.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Starting with SAP Solution Manager 7.1 Support Package 5, you can use the integration between the system recommendations and the Business Process Change Analyser (BPCA) to identify business processes affected by a security advisory.
In the window that opens, select one of the new authorization objects and then select Trace > Permissions Trace > Local.