In transaction PFUD (see image above), you can perform the user match manually for all roles (or selected roles). You can choose between the matchup types Profile Matchup, Matchup of Indirect Assignments from Composite Roles, and Matchup HR Organizational Management. According to SAP documentation, the matchups differ as follows: Profile Matchup: "The program compares the currently valid user assignments of the selected single roles with the assignments of the associated generated profiles and makes any necessary adjustments to the profile assignments. Matching indirect assignments from composite roles: User assignments to composite roles result in indirect assignments for the single roles contained in the composite role. This match type matches the indirect assignments of the selected single roles to the user assignments of all composite roles that contain the single roles. If the selection set contains composite roles, the comparison takes place for all single roles contained in it. HR Organizational Management comparison: This comparison type updates the indirect assignments of all selected single and composite roles that are linked to elements of HR Organizational Management. The HR adjustment is inactive and cannot be selected if no active plan version exists or if a global deactivation has been made by setting the Customizing switch HR_ORG_ACTIVE = NO in table PRGN_CUST. Furthermore, the option "Perform cleanup" is interesting, which can be selected independently of the three adjustment types and does not refer to the role selection. The Perform Cleanup function can be used to remove residual data that resulted from incomplete deletion of roles and the associated generated profiles.
In the beginning, in our company the installation and management of the systems were dealt with by the functional consultants/consultants of the respective systems. The CRM consultant was responsible for the SAP CRM system, the SRM consultant for the SAP SRM, etc.
Introduction & Best Practices
An SAP administrator has the task of controlling a company's SAP system and ensuring its proper functioning. He/she maintains and monitors SAP applications and is also responsible for their development.
An SAP HANA system lives on applications. When you develop these applications, you should think about securing them early. Using HTTPS instead of HTTP is one of the basics. In addition, you ensure secure authentication and implement a Secure Software Development Lifecycle to ensure backup in your own developments. In your applications, you better start to check them for risks early on and run this backup process regularly. You can analyse and restrict access to source code later. Create a risk register and address security vulnerabilities in a risk-based manner. The later you discover a risk, the more expensive the fix will be. Further information on SAP Security in addition to the article can be found here. Do you have any further questions or suggestions concerning this topic? Would you like us to go further on the subject? I look forward to your feedback!
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
Continuous training in the field is advisable in order not to lose touch.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
Implementation SAP Note number 2408073.