Do you know that? Your department expects you to create complex SAP authorizations without having been sufficiently informed about the business context. This often leads to errors and time-consuming work, which slows down the development process of PFCG roles.
On the other hand, there are also users who have too extensive SAP authorizations. These may contain critical SAP authorizations and SoD conflicts. If these are technical users, this situation poses a high security risk. If the user is hijacked, there is often unrestricted access to a large number of connected systems.
To minimize these risks, it is recommended that you develop PFCG roles from an SAP authorization trace. This is often time-consuming and error-prone due to the many manual entries. An SAP authorization trace can contain hundreds of authorization objects, each of which can have up to ten values. There are also various options for assigning an asterisk to authorizations to speed up the process. It quickly becomes apparent that with a large SAP authorization trace, the development of compliance-compliant PFCG roles can take hours.
In addition, an existing PFCG role can be extended with a trace and regenerated. If you want to revise existing roles, for example with many manual authorization objects, you can regenerate the role in the SAP standard by selecting a predefined SAP standard SU24, or by uploading a customer-specific SU24.
This speeds up the adjustment of the authorizations of the roles enormously, especially during an upgrade or release change, since the PFCG roles are simply regenerated with the new authorizations and those of the old role. The role can be configured as required using the input parameters and then only needs to be imported into the PFCG.
Please complete the form and submit it. We'll get back to you as soon as possible.