Use SAP_NEW correctly
Efficient SAP rollout through central, tool-supported management
In the area of group consolidation, an authorization concept ensures that no data can be deliberately manipulated, for example to change balance sheets. This can prevent significant financial or reputational damage to banks and stakeholders. Furthermore, access to financial data of subdivisions of a group, such as individual business units or companies, must be restricted to those employees who are allowed to access it because their current activities require it. As a result, a controller of a business unit, for example, can only view the consolidated figures of his business unit, but not the figures of the entire group. Further authorization roles are required, for example, for external auditors. These auditors check all the figures for the entire group, but may only have read access to this data.
However, it is possible to include the same role in several tasks of different operators within each contract. This increases transparency for you, because all participants can instantly identify which users are editing the role. Before you enable the use of the SCC4 transaction setting for role maintenance, you should release existing role transports to avoid recording conflicts. As a rule, you do not choose the setting depending on your role-care processes; So you have to think very carefully about what the activation will do.
Best Practices Benefit from PFCG Roles Naming Conventions
You can adjust these evaluation methods in the table T77AW or in the transaction OOAW. To do this, select the respective evaluation path by selecting it, and click on the evaluation path (individual maintenance) in the menu on the left. The table that appears defines the relationships between the objects. For SAP CRM only the objects Organisational Unit (O), Headquarters (S), Central Person (CP) and User (US) play a role. For simplicity, you can now copy the lines that use the Person (P) object. Enter a new number here and replace the object P with the object CP.
Although it is possible to create profiles manually, it is recommended to work with the profile generator. The Profile Generator allows you to automatically create profiles and assign them to user master records. The Profile Generator is used to simplify and speed up user administration and should always be used when setting up authorizations for your employees. The Profile Generator is also used to set up the user menus that appear when users log on to the SAP system.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
You can prevent this behaviour by setting the login/no_automatic_user_sapstar profile parameter to 1.
A typical application arises when a new SAP user is requested.