SAP Authorizations SAP Authorizations - Overview HCM Authorization Concepts - SAP Basis

Direkt zum Seiteninhalt
SAP Authorizations - Overview HCM Authorization Concepts
Translating texts into permission roles
Increased compliance requirements and the design of internal control systems confront companies with an increasing number of rules on how SAP (and other IT) systems must be technically protected. The SAP authorization concept specifies such legal standards and internal company rules. This ensures that each user only receives the authorizations he or she needs for his or her activities. The business risk can thus be reduced to a minimum.

If such information is available from the past, it should be checked whether all topics have been implemented in accordance with the comments. If one or the other recommendation has not been implemented, this circumstance should in any case be documented in a comprehensible manner, or it should be possible to provide a comprehensible justification. However, it is not sufficient to focus only on the improvement potentials that have been presented, because it must be ensured that all those points that have not been criticized in the past will continue to fit. Preparation is made much more difficult if there are no helpful comments or reports from the previous fiscal year, or if it is a first-time audit or a change of auditor. What all does the IT auditor look at during the annual audit? There are topics that every auditor looks at because there are standards for doing so, however it is common for the auditor to perform additional audit procedures in the IT audit depending on the strategy of the overall audit. In this newsletter we want to focus on the most important standard audit topics on the process level and the IT controls defined therein in the context of the SAP® system.
Concept for in-house developments
S_PROJECT authorization object: The S_PROJECT authorization object enables you to work with customising projects. You can modify, view or delete projects, maintain status information, project documentation, and perform project evaluations.

The website www.sap-corner.de offers a lot of useful information about SAP authorizations.

The AIS cockpit is currently in pilot delivery without SAP default audit structures. Once these are available, they are listed in SAP Note 1856125. Prior to the re-conversion of the AIS to thematic audit structures, the AIS standard roles of the role-based care environment were copied into the customer name space and assigned to the users. You can also use the AIS default roles as a template for custom area menus.

The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".

Thus, the programme does not add a new default permission to the permission tree.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.

At the latest, if it is no longer possible to clearly define which transactions should be included in which roles and which roles a user requires, a correction is necessary.
SAP BASIS
Zurück zum Seiteninhalt