User & Authorization Management with SIVIS as a Service
In-house role maintenance
Standard permissions required for a functionally fully descriptive role should be maintained accordingly. It is recommended to disable and not delete unneeded permissions, or even entire permission branches. Permissions that have been set to Inactive status are not reinstated as new permissions in the permission tree when they are reshuffled, and those permissions are not included in the profile generation process, and thus are not assigned to a role in the underlying profile.
For each form of automated derivative of roles, you should first define an organisational matrix that maps the organisational requirements. To do this, you must provide data on each organisation in a structured form.
Lack of know-how
For each area, the connection to other modules is the first priority. For example, for the Controlling division, the connection to the Finance division is first established by connecting the accounting area (FI) to the cost accounting area(s). The assignment of the cost accounting area to the result area is then an internal allocation within the controlling. If no allocations are found for certain valid organisational values, one of the two modules or the relevant functional area shall not be used for the organisational units of the enterprise.
With these methods, we not only help you with the implementation. You can also maintain and manage the solutions yourself afterwards, or you can trust us to run them for you: We call this Customer Success.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
One way of gaining direct access to downstream systems from the development system and possibly performing unauthorized activities there is to use incorrectly configured interfaces.
You do not want a user without a user group to be able to be created in your SAP systems? Users without a user group can be changed by all administrators with permission for any user group.