Security Automation for HR Authorizations
This approach makes authorization management considerably more efficient, since functional changes do not have a global impact on the entire authorization structure. This ensures the quality of authorizations in the long term. Authorizations in SAP systems enable users to access the applications relevant to their activities. To ensure that processes are mapped securely and correctly, SAP authorizations must be regularly checked and reworked.
In order to use the statistical usage data, you must first extend the default SAP value of the retention time to a reasonable period of time. For a representative period, a minimum of 14 months and a maximum of 24 months shall be sufficient. This includes day-to-day business, monthly financial statements, underyear activities such as inventory and annual financial statements. Now call the transaction ST03N and navigate to: Collector & Perf. Database > Performance Database > Workload Collector Database > Reorganisation > Control Panel.
Grant permission for external services from SAP CRM
You have already created roles for SAP CRM and would like to add additional external services? Nothing easier than that! Create PFCG roles for the SAP CRM Web Client, typically so that you complete the customising of the CRM business role before creating the PFCG role, based on this customising. However, the customising of the CRM business role may be updated. The PFCG role must now also be adjusted, otherwise the newly configured area start pages or the logical links will not be visible. However, there is no automatism for this, as it exists during the initial creation of the role menu. You must apply the adjustment manually in the PFCG role.
To make changes to the table logger, you must have the same permissions as the SE13 transaction to customise, so you must have the appropriate permissions for all tables to modify. The changes are always written to a transport order. The RDDPRCHK report allows you to enable table logging for multiple tables; however, it is not possible to disable logging on multiple tables. This is still only possible through the SE13 transaction.
For the assignment of existing roles, regular authorization workflows require a certain minimum of turnaround time, and not every approver is available at every go-live. With "Shortcut for SAP systems" you have options to assign urgently needed authorizations anyway and to additionally secure your go-live.
Since there may of course be different security requirements for the systems in your landscape (e.g. development and production systems), you can define different target systems with the appropriate settings.
However, they will lead to greater transparency and security.