Technically, the creation of authorizations in SAP systems is a relatively simple operation. If you know to which transactions/programs the authorizations are to be assigned and what restrictions should be made, the creation of an appropriate role does not seem complicated. However, the picture becomes less clear when you look at the authorizations from the perspective of the whole system.
In functionally complex systems, such as SAP solutions, the key is to design the grid of authorizations so that they can be clearly assigned to the appropriate job positions (users). The challenge is to group authorizations into roles that can be reused many times, while taking into account the fact that the authorizations of individual users are often slightly different (which complicates grouping).
For example, all employees working as personnel administration specialists use the same set of roles, and additionally, for a selected employee, the authorizations can be extended to cover the functionality of managing working time or the company social benefits fund.
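The grouping described above can be sketched as a small role-derivation routine. This is an added example, not code from the original article or from SAP; the user names and authorization labels are constructed placeholders, not real transaction codes or authorization objects.

```python
from collections import defaultdict

# Constructed sample: what each personnel administration specialist needs.
# Labels are hypothetical placeholders, not real SAP identifiers.
NEEDS = {
    "anna":  {"PA_DISPLAY", "PA_MAINTAIN", "PA_REPORTS"},
    "bart":  {"PA_DISPLAY", "PA_MAINTAIN", "PA_REPORTS"},
    "celia": {"PA_DISPLAY", "PA_MAINTAIN", "PA_REPORTS",
              "TIME_RECORD", "TIME_EVALUATE"},
    "dan":   {"PA_DISPLAY", "PA_MAINTAIN", "PA_REPORTS", "BENEFITS_FUND"},
}

def design_roles(needs):
    """Split one job position's needs into a shared base role plus add-ons."""
    base = frozenset(set.intersection(*needs.values()))
    # Authorizations needed by exactly the same users form one add-on role.
    by_users = defaultdict(set)
    for auth in set().union(*needs.values()) - base:
        users = frozenset(u for u, n in needs.items() if auth in n)
        by_users[users].add(auth)
    roles = {"BASE": base}
    assignment = {user: ["BASE"] for user in needs}
    ordered = sorted(by_users.items(), key=lambda kv: sorted(kv[1]))
    for i, (users, auths) in enumerate(ordered, 1):
        roles[f"ADDON_{i}"] = frozenset(auths)
        for user in sorted(users):
            assignment[user].append(f"ADDON_{i}")
    return roles, assignment

def effective(roles, assigned):
    """Union of all authorizations granted by the assigned roles."""
    return set().union(*(roles[r] for r in assigned))

def drift(needs, roles, assignment):
    """Users whose effective authorizations differ from what they need."""
    out = {}
    for user, assigned in assignment.items():
        have = effective(roles, assigned)
        if have != needs[user]:
            out[user] = {"excess": have - needs[user],
                         "missing": needs[user] - have}
    return out

if __name__ == "__main__":
    roles, assignment = design_roles(NEEDS)
    for user, assigned in assignment.items():
        print(user, assigned)
    print("drift:", drift(NEEDS, roles, assignment))
```

Running `drift` again after any later role change shows which users ended up with more or fewer authorizations than their position requires.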
Throughout the process, the approach to later changes of authorizations (creation of new roles or modification of existing roles) is also very important. As a ...