MARKETING & SELF-UNDERSTANDING
Implentation of the Security Audit Log (SAL)
If you now want to change the permission data, you will be asked for values for the appropriate organisation levels. First enter a tilde (~) and define the value later in the derived roles. Maintain the permissions you want and then generate the master role. Adding the organisational level to the master role Step 2: Define derived roles Create derived roles Assign the master role After you have created the master role, it is the derived roles that are in the process. To do this, re-enter a suitable role name via the PFCG. In our example, it is called "findepartment_d01". For a better overview, it is usually useful to name and number the derivatives after the master roles. You can also define the roles according to a different scheme. After you have created the role, you must then enter the master role in the Derive from Role field in the Description tab. Confirm the Auto Enquiries. Customise the Organisation Levels Now go to the "Menu" tab. There you can see that the data from the master role was automatically copied. Since the role has not yet been generated, the Permissions tab is currently highlighted in red. Therefore, call "Change Permissions Data". The first call should automatically open a dialogue to maintain the organisational levels, as they are still empty. If this is not the case, or if you would like to adjust the organisational levels again in a later case, you can also access them via the button Ordende (see screenshot). If everything worked well, you can now see that the permissions were also automatically taken from the master role. If you generate the role, the permission tab will also appear green. Congratulations, you have successfully created a derived role! Repeat step 2 with the additional derivatives to adjust the organisation levels accordingly.
In the case of client settings, you should ensure that the production client is protected against overwriting and that changes are only approved via the transport management system (TMS) to ensure traceability. In the interests of system security, changes to repository and client-independent objects should also not be permitted. The use of eCATT and CATT should also be at least restricted, as allowing them can lead to significant database changes.
The positioning depends strongly on the previously identified target groups and must be justified accordingly. Positioning is extremely important for the SAP basis. It is primarily a matter of positioning within the IT organisation and defining or positioning the other IT departments that can be considered as competitors in the context of this step. STEP 6: OWN EMPLOYEES This step will identify the necessary skills and training of their own employees necessary to fulfil the objectives and provide the service. The necessary skills and roles for the SAP basis are explained in detail in the recommendation Skills & Roles.
In order to drive innovation in the company, it is necessary to establish a team or a few experts whose recognised role is to promote research projects and PoCs, to continuously train themselves in this regard, to develop innovation proposals and to bring them into the committees. They are therefore largely excluded from operational operations. CONSTRUCTION OF A TEST LABORATORY In addition to resources, it is also necessary to create the framework conditions for the implementation of the research and pilot projects. To this end, it is recommended to set up a test laboratory with as few restrictions as possible on company standards. These are often so massive that a quick and effective implementation of pilot projects is severely hindered or completely prevented.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
The comprehensive analysis provides the pattern and roadmap for the next steps.
Once a month (or even once a week) with the option "Perform cleanup", so that obsolete profiles and user mappings are regularly cleaned up.