11-18-2009 9:22 AM
Hi,
I have a list regarding authorization provided by auditors.
Here I want to know how the auditors generated the list.
Do you know the transaction code or the program ID.....?
Probably the data in the list was extracted from our system, and some data were manually processed or added.
Hard to write down but fields and examples appear in the list;
-FIELDS-
User
Group
Full Name
Rule
Side
Operator
Role
Authorization
Attribute
Attribute Value
Associated Role
Associated Authorization
Associated Attribute
Associated Attribute Value
-EXAMPLES-
testuser01
group001
user01 test
Create Maintain Sales Order vs Create Maintain Customer Master Records
LHS
Any
Z_ROLETEST_001
Authorization=T-D524126500, Object=S_TCODE
TCD
FB01
Z_ROLETEST_002
Authorization=T-D524126600, Object=F_BKPF_BUK
ACTVT
1
Thank you in advance.
/Y.Shirako
11-18-2009 10:14 AM
Your auditors will have their own tool which extracts the data that they want.
Typical ways they use it are:
Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.
Tool extracts data via RFC calls into your system that is then processed externally.
Why don't you ask your auditors? Usually in their report is an explanation of how the data was gathered.
11-18-2009 11:03 AM
Hi,
In an ABAP system, you can view most of these things with transaction SUIM, which is the User Information System.
Kind regards,
Dagwin
11-18-2009 12:57 PM
The tables where this info is stored are AGR*, USR* and UST*. Look at these tables and find your info; you probably have to put them in a database to bring it all together.
Edited by: Auke Visser on Nov 18, 2009 1:57 PM
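Added example, not part of any post in this thread or of any auditor's tool: a minimal version of "put them in a database to bring it all together", joining constructed rows shaped like user-role and role-authorization extracts to produce main/associated pairs like the sample row in the question. It assumes AGR_USERS and AGR_1251 as the source tables with a simplified column set, and matches exact values only (no ranges or wildcards).

```python
import sqlite3

# Constructed sample rows shaped like extracts of AGR_USERS and AGR_1251
# (assumed table names; values reuse the sample row from the question).
AGR_USERS = [("testuser01", "Z_ROLETEST_001"), ("testuser01", "Z_ROLETEST_002"),
             ("testuser02", "Z_ROLETEST_001")]
AGR_1251 = [
    ("Z_ROLETEST_001", "S_TCODE", "T-D524126500", "TCD", "FB01"),
    ("Z_ROLETEST_002", "F_BKPF_BUK", "T-D524126600", "ACTVT", "1"),
    ("Z_ROLETEST_002", "F_BKPF_BUK", "T-D524126600", "ACTVT", "3"),
]

def build_db():
    """Load the constructed extracts into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE agr_users (uname TEXT, agr_name TEXT)")
    db.execute("CREATE TABLE agr_1251 "
               "(agr_name TEXT, object TEXT, auth TEXT, field TEXT, low TEXT)")
    db.executemany("INSERT INTO agr_users VALUES (?, ?)", AGR_USERS)
    db.executemany("INSERT INTO agr_1251 VALUES (?, ?, ?, ?, ?)", AGR_1251)
    return db

# Self-join: the same user must reach the main value through one role
# assignment and the associated value through any of their role assignments.
QUERY = """
SELECT u1.uname, a.agr_name, a.auth, a.object, a.field, a.low,
       b.agr_name, b.auth, b.object, b.field, b.low
FROM agr_users u1
JOIN agr_1251 a ON a.agr_name = u1.agr_name
JOIN agr_users u2 ON u2.uname = u1.uname
JOIN agr_1251 b ON b.agr_name = u2.agr_name
WHERE a.object = ? AND a.field = ? AND a.low = ?
  AND b.object = ? AND b.field = ? AND b.low = ?
ORDER BY u1.uname
"""

def paired_authorizations(db, main, associated):
    """Rows where one user holds both the main and the associated value.

    main and associated are (object, field, value) tuples.
    """
    return db.execute(QUERY, (*main, *associated)).fetchall()

if __name__ == "__main__":
    hits = paired_authorizations(build_db(), ("S_TCODE", "TCD", "FB01"),
                                 ("F_BKPF_BUK", "ACTVT", "1"))
    for row in hits:
        print(row)
```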
11-18-2009 7:39 PM
> Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.
> Tool extracts data via RFC calls into your system that is then processed externally.
Yes, the interfaces of those tools are often a hazard in themselves...
I typically recommend customers to delete them completely. Sometimes this comment also exists in the code itself, but who reads code now-a-days in GRC projects, and why should they have to? ;-(
This looks very much like one of those tools (where the SQL statements are built externally).
Cheers,
Julius
11-19-2009 12:40 AM
> Yes, the interfaces of those tools are often a hazard in themselves...
A conversation I had today leads me to believe that the main culprit of this method has now phased it out with the latest release of their tool...