Solved: SAP Compliance Calibrator question

Former Member · ‎10-24-2008

Good afternoon all.

My question, simply put, is where does compliance calibrator get its authorization objects from? Now to give some meat behind the question. I have used CC for over 3 years. this is the first time I have ever seen this. I have a custom TCode (Example: ZTEST). In SU24 I see this TCode has exactly 2 authorization objects, S_TABU_DIS and S_TCODE (both set to check/maintain). I create a brand new function called TST1 and add this tcode to it. Now when I click save it askes "Would you like to bring in teh auth objects". I click yes and see 5 authorization objects.

My thoughts on this is that the TCode points to a different transaction and it is getting the authorization objects from that tcode. Unfortunately I am no longer a Basis Admin and do not have access to view how this tcode was built. So what do you think? Has anyone seen this happen? do you have a reason that it would add authorization objects? USOBT_C is the only table that CC uses to get authorization data from, correct?

Anyways, Thanks in advance for any assistance with this oddity. Have a Great Weekend.

Paul

OK One other question if I can add it here. is there a way to remove a row in the authorization object value? is there suppose to be a red minus sign nest to the field value to remove it? Do I just not have authorization to see it?

Edited by: Paul Ksobiech on Oct 24, 2008 2:32 PM

Former Member · ‎10-25-2008

Hi Paul,

Which version of CC are you using?

If you can't remove a value in CC, you should have an option to "disable" the value.

Former Member · ‎10-25-2008

Hi Paul,

Which version of CC are you using?

If you can't remove a value in CC, you should have an option to "disable" the value.

Former Member · ‎10-27-2008

Kiran,

Thank you for your response. I do know about disabling it. We currently have two DEV boxes that we use for our implementation. we do a table compare on the virsa tables to find if there are differences. this table compare shows that a few people prior to me have added some purely defined auhorization objects to some functions. Now, the techy geek in me would like to clean these up. I don't like to have extra "junk" in the system. I also don't want to have to add authorization objects and then disable them to make the table compare match. I want to make the both equal but without deleting the entire function and rebuilding it. I just want to remove the duplicate values.

Kind Regards,

Paul

Former Member · ‎10-28-2008

Paul,

Virsa 4.0 has a wide variety of features that I like and one of the features is that you can maintain a list of "Restricted Objects" also known as Critical authorization objects. Object like S_NUMBER is considered critical even if it is linked to a tcode or not. In order to capture users that have access to this type of critical auth objects ,your predecessor must have built a table with such objects to identify exactly those users.

Check this link in CC: Cockpit window ==> Menu "Custom Utility" ==> Custom Table maint. ==> Restricted Objects.

Virsa has the ability to disable unwanted objects from being generated as part of your ruleset. Unless you are maintaining a custom ruleset, please use your functions and the assigned tcodes->objects to build your ruleset. If you want to delete an individual rule from this generated pool, I would do it very cautiously. Hope this helps in getting you started on exploring Virsa rules

Kiran