SAP AUTHORIZATIONS: THE 7 MOST IMPORTANT REPORTS
You can find the evaluation methods in table T77AW. A valid evaluation method for our example is US_ACTGR. To assign the roles indirectly, the following requirements are required: Organisational management must be active, i.e. you must have defined an active plan variant in the client. To be able to use the employee-user connection in a SAPERP-HCM system, Info Type 0105 (Communication) and Subtype 0001 (User ID) must be maintained. To enable role management via organisational management, you must set the HR_ORG_ACTIVE switch in the PRGN_CUST table to YES in the Customising.
Run step 2a (automatic synchronisation with SU22 data). In this step, the data of the transaction SU22 of the new release will be transferred to the transaction SU24. If there is a change or difference in applications (changed check marks, suggestions, field values, or new or deleted authorization objects), the USOB_MOD or TCODE_MOD table of the MOD_TYPE is set to M. With SAP Note 1759777, a selection is offered for step 2a, with which this step can be simulated. Another option, Delete Flags for applications with modified data, is offered to apply the new changes only if Step 2a is executed selectively.
The object S_PROGRAM checks since SAP Release 2.x for the field TRDIR-SECU i.e. the authorization group of the program. As of Release 7.40, you can optionally switch on a check for the object S_PROGNAM. For more information, see note 2272827 for further instructions. The check on S_PROGNAM MUST first be activated in the customer system. Note, however, that they CORRECTLY authorize S_PROGNAM before doing so, otherwise NOBODY except emergency users will be able to start any report or report transaction after the SACF scenario is activated.
The goal is for SAP SuccessFactors users to maintain an overview of roles and authorizations in the system. Analysis and reporting tools help to achieve this. At ABS Team, we use our own combination of an SAP SuccessFactors solution and external documentation for this purpose. As the first graphic shows, our approach is built on a delta concept: all SAP authorizations and processes function independently of each other.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
In the Application Search pane, you can also limit the SU22 data to an upload file, transport jobs, or role menus.
Users who have already logged on are therefore not initially affected by changes.