
SAP Security tool within to determine the effects of a security change.

Former Member

Hi -

Does anyone know of a security application tool within SAP to determine the effects of a security change to roles, other than SUIM, SE16 (tables), PFCG, etc.?

The basics are:

1) A role is updated to include additional t-codes, removal of t-codes, or change authorizations of existing t-codes.

2) Currently there is no way to determine what other t-codes may be affected by the change in authorizations, which makes regression testing almost impossible. The ultimate solution would be a list to the process teams for regression testing to ensure everyone is aware of the consequences of making a change.

The application in question would:

1) Use the change log within SAP (with a few parameters specified) to determine what authorizations were changed.

2) Lookup all the authorizations by t-code for every t-code in the roles meeting the criteria.

3) Create a list of roles / t-codes that use the authorizations that were identified as changed. This would be the t-codes that need to be evaluated for regression testing.

This process is possible today, but would take hours to evaluate a simple change by hand. A single t-code can have 100+ authorizations and a role could have 50+ t-codes. This case would lead to the manual cross-referencing of 5000+ items, which would be extremely time-consuming and prone to error.

Thanks

Larry Mac
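
The three-step cross-reference described in the question, as an added example that is not part of the original post and is not an SAP tool. It assumes the change log, the role-to-t-code assignments and the t-code-to-authorization-object mapping have been exported to CSV; the column names, role names and mappings below are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports; column names and values are assumptions for illustration.
CHANGE_LOG = """role,object,field,old,new
Z_AP_CLERK,F_BKPF_BUK,BUKRS,1000,1000;2000
Z_AP_CLERK,F_LFA1_BUK,ACTVT,03,02;03
Z_BUYER,M_BEST_BSA,BSART,NB,NB;UB
"""
ROLE_TCODES = """role,tcode
Z_AP_CLERK,FB60
Z_AP_CLERK,FB03
Z_AP_CLERK,FK03
Z_AP_CLERK,ME23N
Z_BUYER,ME21N
Z_BUYER,FK03
"""
TCODE_OBJECTS = """tcode,object
FB60,F_BKPF_BUK
FB60,F_LFA1_BUK
FB03,F_BKPF_BUK
FK03,F_LFA1_BUK
ME21N,M_BEST_BSA
ME23N,M_BEST_BSA
"""

def rows(text):
    """Parse CSV text with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def regression_scope(change_log, role_tcodes, tcode_objects):
    """Return {(role, tcode): [changed objects that the t-code checks]}."""
    changed = defaultdict(set)   # step 1: role -> objects changed in that role
    for r in rows(change_log):
        changed[r["role"]].add(r["object"])
    checks = defaultdict(set)    # step 2: t-code -> objects it checks
    for r in rows(tcode_objects):
        checks[r["tcode"]].add(r["object"])
    scope = {}                   # step 3: per role, keep t-codes touching a changed object
    for r in rows(role_tcodes):
        hit = changed.get(r["role"], set()) & checks.get(r["tcode"], set())
        if hit:
            scope[(r["role"], r["tcode"])] = sorted(hit)
    return scope

if __name__ == "__main__":
    result = regression_scope(CHANGE_LOG, ROLE_TCODES, TCODE_OBJECTS)
    for (role, tcode), objs in sorted(result.items()):
        print(f"{role:12} {tcode:8} {', '.join(objs)}")
```

The intersection is taken per role, so a t-code that checks a changed object only lands on the regression list for the role in which that object was actually changed.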


Bernhard_SAP
Advisor

Hi Larry,

I am only aware of SUIM....

There are some possibilities besides change logs, for instance Transaction -> executable with role/for user, ...

Also rsusr008_009_new (critical authorizations) gives you a good chance for finding such possible effects.

The customizing of critical auths./combinations/variants is a bit complex, but following the documentation step by step gives a good starting point.

So if after the changes users show up in the result, you know that you have to react.

Of course this is not 100% the solution you are looking for, but gives the possibility for an additional check/countercheck.

b.rgds, Bernhard