
How to understand Permission level SoD analysis reports?

Former Member
0 Kudos

Hi ,

We would like to confirm whether our understanding is correct in analysing the SoD analysis reports at Permission Level.

Below is an example on how functions are configured at permission level

Under Function 0C0004 we have t-code as below

VA01 - Create Sales Order with Auth Objects

B_USER_STAT - ACTVT 01 AND

ACTVT 06 AND

K_CKBS_CO-PC - ACTVT 01 AND

ACTVT 06 AND

V_VBAK_AAT - ACTVT 01 AND 02 AND 06 etc.,

Similarly we have another Function GA0001 with t-code as below

F-03- Clear G/L Account

F_BKPF_BLA - ACTVT 01 AND

F_BKPF_BUK - ACTVT 01 AND

F_BKPF_KOA - ACTVT 01 AND

We have defined Risk between GA0001 & OC0004 with RISK ID 0045.

Does this mean that a User / Role having t-code VA01 with the above permission values should be thrown as a conflict if the same user/role also has t-code F-03 with the above permission values?

Do we need to understand that the conflicts are only between two transaction codes and their permission values? Or

do we need to understand that there are also conflicts within the transaction code's permission values, i.e. if a user has 01, 02 & 06 for V_VBAK_AAT in VA01 as well?

When SoD reports are thrown for a User/Role, they just provide the Rule ID number and the conflicting t-codes, followed by the permission values of the t-codes, as below:

004500101 : Transaction Code Check at Transaction Start Transaction Code Create Sales Order (VA01) OC00004

004500101 : Transaction Code Check at Transaction Start Transaction Code Clear G/L Account (F-03) OCA00001

004500101: B_USERSTAT : ACTVT : Activity Delete(06) OC00004

004500101: F_BKPF_BLA : ACTVT : Activity Create or generate(01) GA00001

004500101: B_USERSTAT : ACTVT : Activity Create or generate(01) OC00004

004500101: F_BKPF_KOA : ACTVT : Activity Create or generate(01) GA00001

004500101: V_VBAK_VKO : ACTVT : Activity Create or generate(01) OC00004

In the above scenario, what exactly do we need to understand? Are the conflicts between t-codes and their respective permission values, or are the conflicts intra-conflicts, i.e. between permission values as well? User should not possess both 01 & 06 for Auth Object B_USERSTAT and remove the access to any of them.

Please provide your suggestions on our understanding.

Thanks and Best Regards,

Srihari.K
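The report lines quoted in the question above can be regrouped by rule ID and function ID to see which action and which permission values each function contributed to the finding. This is an added example, not part of the original post and not SAP's own tooling; the line layout is inferred only from the seven lines quoted above, and `parse_report` is a hypothetical helper.

```python
import re
from collections import defaultdict

# Report lines as quoted in the question; function IDs are kept exactly as posted.
REPORT = """\
004500101 : Transaction Code Check at Transaction Start Transaction Code Create Sales Order (VA01) OC00004
004500101 : Transaction Code Check at Transaction Start Transaction Code Clear G/L Account (F-03) OCA00001
004500101: B_USERSTAT : ACTVT : Activity Delete(06) OC00004
004500101: F_BKPF_BLA : ACTVT : Activity Create or generate(01) GA00001
004500101: B_USERSTAT : ACTVT : Activity Create or generate(01) OC00004
004500101: F_BKPF_KOA : ACTVT : Activity Create or generate(01) GA00001
004500101: V_VBAK_VKO : ACTVT : Activity Create or generate(01) OC00004
"""

# Assumed layout: rule ID, ':', description, then the function ID as the last token.
LINE = re.compile(r"^(?P<rule>\d+)\s*:\s*(?P<body>.+?)\s+(?P<func>\S+)$")
VALUE = re.compile(r"\((?P<value>[^()]+)\)$")  # trailing "(VA01)" or "(06)"


def parse_report(text):
    """Group lines as {rule: {function: {"actions": [...], "permissions": {(obj, field): {values}}}}}."""
    rules = defaultdict(lambda: defaultdict(
        lambda: {"actions": [], "permissions": defaultdict(set)}))
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        v = VALUE.search(m["body"]) if m else None
        if not v:
            raise ValueError(f"unrecognised report line: {line!r}")
        body = m["body"]
        entry = rules[m["rule"]][m["func"]]
        if body.startswith("Transaction Code Check"):
            entry["actions"].append(v["value"])        # action (t-code) line
        else:
            obj, field, _ = (p.strip() for p in body.split(":", 2))
            entry["permissions"][(obj, field)].add(v["value"])  # permission line
    return rules


if __name__ == "__main__":
    for rule, funcs in parse_report(REPORT).items():
        for func, entry in funcs.items():
            perms = {f"{o}/{f}": sorted(v) for (o, f), v in entry["permissions"].items()}
            print(rule, func, entry["actions"], perms)
```

Grouped this way, each function shows one action line plus the permission values that were matched for it, with the values per authorization object merged into one set.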

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Sri,

In RAR the conflict is always between actions, not permissions. Permission level data is only for your info. All permission level details are not configured out of the box; you have to activate them and fill in the value in the field. Now, based on the value you feed in, it will pull out the details.

E.g., if you enter * it will show all values; if you enter 01 it will show all values with 01.

So, to summarize: the permission level details need to be configured based on your needs and are not linked to conflicts; they just show the as-is permission level details.

Thanks,

Darshan

Former Member
0 Kudos

Hi Sri,

Just go through SAP Note# 1223759.

I hope it would be helpful to you.

Regards,

Mohit

Former Member
0 Kudos

Hi Mohit,

I was not able to find SAP Note# 1223759 in the Service Marketplace. Can you please let me know where I can get this SAP note?

Thanks and Best Regards,

Srihari.K

Former Member
0 Kudos

Hi,

https://websmp209.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=1223759

PS: You need to have a Service Marketplace ID to access this message.

Cheers !!

Zaheer