08-26-2008 12:20 AM
Hi -
Do anyone know of a security application tool within SAP to determine the affects of a security change to roles other than SUIM, SE16 ( tables), PFCG, etc
The basics are:
1) A role is updated to include additional t-codes, removal of t-codes, or change authorizations of existing t-codes.
2) Currently there is no way to determine what other t-codes may be affected by the change in authorizations which makes regression testing almost impossible. The ultimate solution would be a list to the process teams for regression testing to ensure everyone is aware of the consequences of making a change.
The application in question would:
1) Use the change log within SAP (with a few parameters specified) to determine what authorizations were changed.
2) Lookup all the authorizations by t-code for every t-code in the roles meeting the criteria.
3) Create a list of roles / t-codes that use the authorizations that were identified as changed. This would be the t-codes that need to be evaluated for regression testing.
This process is possible today, but would take hours to evaluate a simple change by hand. A single t-code can have 100+ authorizations and a role could have 50+ t-codes. This case would lead to the manual cross referencing of 5000+ items which would be extremely time consuming and prone to error.
Thanks
Larry Mac
08-26-2008 7:06 AM
Hi Larry,
I am only aware of SUIM....
there are some possibilities beside change logs, for instance Transaction->executable with role/for user,....
Also rsusr008_009_new(critical authorizations) gives you a good chance for finding such
possible effects.
The cusotmizing of critical auths./combinations/variants is a bit complex, but following the documentation step by step gives a good starting point.
So if after the changes users show up in the result, you knwo, that you have to react.
Of course this is not 100% the solution you are looking for, but gives the possibility for an additional check/countercheck.
b.rgds, Bernhard