Use Custom Permissions
AUTHORIZATIONS FOR BATCH PROCESSING IN THE SAP NETWEAVER AND S/4HANA ENVIRONMENT
It is important for consolidated financial statements to have the same number range in the G/L account masters in different company codes. This is ensured by the tools in the FI module. In addition, the master records can be adjusted so that it is possible to work with the different currencies of the company codes across countries.
Then run step 2c. Here too, there are new features. You will be shown a selection of the roles to match again. However, you have the possibility to perform a simulation of the mixing process via the button Mix. This allows you to see which permissions would be changed in the roles without actually doing so. For more information, see Tip 44, "Compare Role Upgrade Permissions".
Coordinate authorisation management in customer-owned programmes
Run the System Trace for Permissions (ST01 or STAUTHTRACE transaction) to record permission checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the Launch Permissions checks.
In general, we recommend you to use strong encryption mechanisms and to switch most users to an SSO login. You should then delete the hash values of the user passwords as described above. For release-dependent information on SNC client encryption, see SAP Note 1643878.
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
Once you call one of these roles and enter the Permissions Care, the permission values change immediately.
The website www.sap-corner.de offers a lot of useful information about SAP authorizations.
For these reasons, the first step should be to document what problems and dangers lurk if the current concept is not corrected: First, the risk of fraud, theft, and data privacy and security breaches increases.