on 01-24-2012 5:57 AM
Hi Experts,
Suppose Function A has 3 TCODES and Function B has 2 TCODES.
Risk has been defined from above 2 functions. If we run the risk analysis we will get 6 action level risks.
Now coming to the permission level:
if I enable one authorization object with multiple fields and values for each TCODE in both the functions.
How system will calculate the rules. I would like to know in terms of 9 digit permission rule ID.
Thanks in advance
Ammu,
You'll find a nice example in the following note: Note 1542565 - Mitigations at Action versus Permission level
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Diego,
Thanks for your information.i have gone through the SAP note.
here what i want to know exactly, about the 9 digit permission rule ID.
Howmany authorization objects and authorization fields I enabled for each function, RAR always showing last two digits of the 9 digit permission rule ID is 01 for example, PR0100101
SAP note says that "an action level rule only has 1 permission level rule associated with it"
that means in any case or any possibility we can not see permission rule ID like PR0100102 ?
Hope you got my point.
Thank You
Hello,
I understand your question. Last two digits are also 01 in my case. Check also:
Note 1310365 - Maximum number of rules that can be generated
That's why there's a limit of rules. Last two digits seem to be reserved for other purposes, but I really don't know what for.
Could be Logical/Physical systems IDs??
I couldn't find any documentation regarding this... hope someone can clarify on this point.
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.