Use usage data for role definition
With the transaction SUIM you can search under roles, roles with different search criteria. The variant "Roles by complex selection criteria" covers all possible selection criteria. However, you can also search only for a specific selection criterion (e.g. only for transactions, only for authorization objects...).
With Managed Services, you receive professional management and improvement of your SAP authorizations. In doing so, we analyze your existing workflows and processes and work out optimization potentials. The implementation of the potentials takes place within a few months. As a basis for central and efficient administration, we implement an underlying tool, working continuously and directly with your SAP key users.
BASICS FOR USING SAP REPORTS
On the one hand, sensitive company data must not fall into the wrong hands, but on the other hand, they also form an important basis for decisions and strategic company directions. Avoid a scenario of accidentally accessible data or incomplete and thus unusable reports by implementing your SAP BW authorizations properly.
Another option is to not assign the SAP_NEW permission to a user. For example, during the tests to be performed, both the development system and the quality assurance system will experience permission errors. These should then be evaluated accordingly and included in the appropriate eligibility roles for the correct handling of the transactions.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
In addition, it is important to document the regular operation of SAP in order to have evidence of this for external and internal requirements.
Like all other security issues, SAP authorizations must be integrated into the framework used.