05-13-2013 10:59 AM
Hi,
We have a requirement for creating rule set for Solman system in GRC 5.3, since SAP does not provide any statndard rule set for Solman I was hoping that you guys can guide me by,
a) Providing examples of common SOD violation in Solman
b) Sharing any rule set for Solman (if it is possible)
05-13-2013 7:34 PM
Its workings and agents and services and trust dependencies are too complicated for mortals to build a tcode based SOD matrix for. That belittles the SOLMAN - rather get GRC to fix ALEREMOTE and BWREMOTE and WF-BATCH first, then consider taking on SOLMAN.
SOLMAN ist above GRC. It is omni-present. It is the illuminator of central solutions. It is all or nothing for the managed systems and CSMREG can normaly do that because of SAP Note 1646257... 😞
(however you thankfully can do your vanilla checks for basis auths and user admin vs. auths admin etc on SOLMAN, unless it is the CUA master and you have S_USER_SAS active with fixed SYSTEM users in the distribution model, in which case you need to know what you are doing and not rely on GRC to work it out within the SOLMAN..).
Cheers,
Julius
05-13-2013 7:34 PM
Its workings and agents and services and trust dependencies are too complicated for mortals to build a tcode based SOD matrix for. That belittles the SOLMAN - rather get GRC to fix ALEREMOTE and BWREMOTE and WF-BATCH first, then consider taking on SOLMAN.
SOLMAN ist above GRC. It is omni-present. It is the illuminator of central solutions. It is all or nothing for the managed systems and CSMREG can normaly do that because of SAP Note 1646257... 😞
(however you thankfully can do your vanilla checks for basis auths and user admin vs. auths admin etc on SOLMAN, unless it is the CUA master and you have S_USER_SAS active with fixed SYSTEM users in the distribution model, in which case you need to know what you are doing and not rely on GRC to work it out within the SOLMAN..).
Cheers,
Julius
05-14-2013 11:09 AM
Hi Julius,
I usndersatnd that creation of t-code based matrix for SOD's in Solman is too complicated, so we are creating some basic SOD's according to process.
Example for Charm, I created SOD's based on B_USERSTAT object, however I am still stuck with creating SOD's for Documentation and Service desk processes. Appreciate if you can provide some insight of any coommonly present SOD's within these processes.