Authorisations
Common authorisation management issues I've encountered in my career are...
- No common and clear naming convention making it difficult to assign the correct roles to users.
- Authorisation matrix doesn't exist or is not maintained correctly.
- Not using types of roles correctly (single roles,composite roles,master / parent roles, derived / child roles).
- Users are assigned large number of single roles instead of assigning composite role based on job role.
- Many user administrators leave unmaintained authorisation (i.e. objects with some unmaintained field values) in the profile. Such unmaintained authorization often become big nuisance in long run.
- Changes to authorisation roles are not documented.
If you want to learn more about what I consider best practices for maintaining authorisations in SAP, have a look at the presentation.
JE consulting can assist you in performing an authorisation review and to setup your authorisations correctly.