- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- s_admi_fcd , s_cts_admi
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
s_admi_fcd , s_cts_admi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 9:44 PM
Hi all,
S_ADMI_FCD and S_CTS_ADMI are critical transaction codes. They are inserted in a role and has complete authorizations ( i.e '*' for all the fields) but the role is not assinged any T-codes. Since the role does not have any tcodes , Is it ok to have like this or is it against audit policies.
Thanks.
Neha
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 10:05 PM
Hello Neha,
Authorization object S_ADMI_FCD is concerned to system adminitration tasks like SM04 and SM59.
Please go thru the below link.
http://help.sap.com/saphelp_40b/helpdata/es/17/174b6e5733d1118b3f0060b03ca329/content.htm
And S_CTS_ADMI is concerned to transports.
See, if you assign these auth objects to a role which doesnt have any tcodes that it might create problems for you.
Because they both have value '*' in them.
If you assign specific values or just display values to their fields then there would be no problem.
=Kapilendra Yadav=
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 10:01 PM
> S_ADMI_FCD and S_CTS_ADMI are critical transaction codes.
These are Not TCode. These are Authorization Objects and of course critical. For more details, please go through the documenation of them in SU21 under BC_A objects class.
They are inserted in a role and has complete authorizations ( i.e '*' for all the fields) but the role is not assinged any T-codes. Since the role does not have any tcodes , Is it ok to have like this or is it against audit policies.
>
It's of course get importance to the auditors in production system if you assign the values as you told. But more critical scenario appears if this role is assigned to an user having access to this Objects through any other role.
Regards,
Dipanjan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 10:05 PM
Hello Neha,
Authorization object S_ADMI_FCD is concerned to system adminitration tasks like SM04 and SM59.
Please go thru the below link.
http://help.sap.com/saphelp_40b/helpdata/es/17/174b6e5733d1118b3f0060b03ca329/content.htm
And S_CTS_ADMI is concerned to transports.
See, if you assign these auth objects to a role which doesnt have any tcodes that it might create problems for you.
Because they both have value '*' in them.
If you assign specific values or just display values to their fields then there would be no problem.
=Kapilendra Yadav=
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 10:22 PM
Thanks guys for your promt response. What I thought was since the role has no t-codes assinged to it such as sm04, sm01 etc, it will not be an audit issue if a role has these authorization objects with '*'. But what I understand from ur response is that it will be an audit issue beacuse the user may be assinged the t-codes through some other roles. Am I right or am I missing something.
Thanks.
Neha.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2009 11:26 PM
