Mitigating GRC risks for SAP systems
Determine Permissions Error by Debugging
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
When creating the PFCG individual roles in the respective SAP system, you should create the menu structure so that they can be combined with other individual roles in a single role. Once you have created the individual roles with the correct role menu, you can assign them to a collection role. Add the Role Menu to the Collect Roll using the Read Menu button. The menu can now be finally sorted. If changes to the roll menu are necessary, however, you must first make them in the individual rolls and then remix them in the roll roll (using the Mix button, see figure next page above). Transactions from other SAP systems such as SAP CRM, SAP SCM etc. can also be integrated into the NWBC. To do this, you first create the PFCG role for the relevant transactions in the target system. From the individual roles you can create collection roles with a defined menu structure.
What to do when the auditor comes - Part 2: Authorizations and parameters
Create a function block in the Customer Name Room. You can choose the supplied SAMPLE_INTERFACE_00001650 as the template. For us, it has proven itself, in the name of the new function block, the name BTE and the number of the template (here: 1650).
For each area, the connection to other modules is the first priority. For example, for the Controlling division, the connection to the Finance division is first established by connecting the accounting area (FI) to the cost accounting area(s). The assignment of the cost accounting area to the result area is then an internal allocation within the controlling. If no allocations are found for certain valid organisational values, one of the two modules or the relevant functional area shall not be used for the organisational units of the enterprise.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
If the value is 0, the Permissions Check succeeded.
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
The AIS has existed in the SAP system for quite a long time; It is designed as a tool for testing and evaluating SAP systems and is delivered by SAP ERP to the standard.