
Authorizations Issue

Former Member
0 Kudos

Hello experts,

I am implementing a project on Authorizations from scratch. All users had the SAP_ALL profile, but after an audit they were told to restrict access to information. So, I am implementing their specs. In this first phase, in order to please the next audit, the implementation is very simple.

I have 4 roles, 3 to distribute among the users, and another one for the Administrators.

So I have based my approach in this first phase on the transaction level. The users filled in the Excel with the transactions they use and the Roles are based on them. I inserted the transactions and generated the authorizations automatically. I accepted all SAP recommendations for the Authorizations and authorization object values and gave full access to the authorizations for which SAP didn't know what activities to put.

Now I am testing the processes users will do, and I realized the following:

Some transactions have inside them shortcuts masked as buttons, go-tos, etc. that lead to other transactions users didn't map. Is there any table that gives me which transactions can be called inside the transactions, so I can map every transaction users will use? Which is the best way to get all transactions mapped?

Another question regarding the implementation process:

Am I proceeding correctly? Please be aware that, in the short term, all authorizations will be much more restricted after the more detailed specs of the client.

Thank you very much

Regards

John

Accepted Solutions (1)


Former Member
0 Kudos

Hi John,

I gather this thread is the follow-up on: ?? All in all, you might get more answers and attention had you posted your questions in the security forum. Perhaps it would be a good idea to have a moderator move this there? Your decision, of course.

As for your problem: there's no such table showing the 'mapping' of menu paths like GoTo. The paths linked there are not even necessarily transactions, but all kinds of development elements, like BAPIs, function modules, etc. The only chance you have of getting a complete list of needed authorizations is to switch on a system trace (transaction ST01), flagged for one user only and limited to authority checks, and have the user run through all the transactions/menus she/he needs. This will also give you a chance to narrow down the authorizations you already granted by giving maximum values to objects the transactions pulled into your roles.

And yes, I think you are proceeding correctly. Add the trace and you should reach a state fit for another audit soon.
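
The trace-based approach in the answer above, as an added example that is not part of the original thread: it takes authority-check trace rows, lists transactions that were reached from inside another transaction, collects failed checks for review, and proposes concrete values for fields currently granted `*`. The CSV layout, the sample rows and the `GRANTED` role content are constructed assumptions; ST01 does not produce this format directly.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, NOT real ST01 output. Hypothetical columns: the transaction
# the user started, the checked authorization object, field=value pairs, and the
# return code of the check (0 = passed, anything else = failed).
TRACE_CSV = """tcode,object,fields,rc
ME21N,S_TCODE,TCD=ME21N,0
ME21N,M_BEST_BSA,ACTVT=01;BSART=NB,0
ME21N,S_TCODE,TCD=MD04,4
ME23N,S_TCODE,TCD=ME23N,0
ME23N,M_BEST_BSA,ACTVT=03;BSART=NB,0
ME23N,M_BEST_EKO,ACTVT=03;EKORG=1000,12
"""
# Constructed role content: values currently granted per object and field.
GRANTED = {"S_TCODE": {"TCD": ["ME21N", "ME23N"]},
           "M_BEST_BSA": {"ACTVT": ["*"], "BSART": ["*"]}}

def parse_trace(text):
    """Yield (tcode, object, {field: value}, rc) for each traced check."""
    for row in csv.DictReader(io.StringIO(text)):
        fields = dict(pair.split("=", 1) for pair in row["fields"].split(";"))
        yield row["tcode"], row["object"], fields, int(row["rc"])

def summarize(text):
    """Return values seen in passed checks and the sorted list of failed checks."""
    passed = defaultdict(lambda: defaultdict(set))
    failed = set()
    for _tcode, obj, fields, rc in parse_trace(text):
        if rc == 0:
            for field, value in fields.items():
                passed[obj][field].add(value)
        else:
            failed.add((obj, tuple(sorted(fields.items()))))
    return passed, sorted(failed)

def called_transactions(text):
    """Transactions checked via S_TCODE that differ from the one started."""
    return sorted({f["TCD"] for tcode, obj, f, _rc in parse_trace(text)
                   if obj == "S_TCODE" and f["TCD"] != tcode})

def narrow(granted, passed):
    """For every field granted '*', propose the values the trace observed."""
    return {(obj, field): sorted(passed[obj][field])
            for obj, fields in granted.items()
            for field, values in fields.items()
            if values == ["*"] and field in passed.get(obj, {})}
```

Failed checks are candidates for review, not automatic additions to the role: each one still needs a decision on whether the user's process actually requires it.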

Former Member
0 Kudos

Hi Mylene,

Thank you very much for the reply. I guess I will either write the question again on the forum you mentioned or ask a moderator to move it.

As for the issue regarding the authorizations, I'll follow your advice and turn the trace on. There is only one small detail: there are around 700 transactions that I must trace. I guess a lot of work will be done for the next phase of the project.

Thanks

Answers (0)