10-25-2013 12:16 PM
Dear SAP,
i have one doubt in sap security i need to give full FICO module tcode authrisation to one userid only fico module tcodes full authrisation
remaining module tcodes will not to work is it possible in sap please help me is it possible are not
regards
suresh
10-25-2013 12:46 PM
If you have a list of transaction codes you want to give to this user then obviously you can just build a role that includes them all and assign that role to the one user. Whether the transactions come from one module or many doesn't really matter.
Or am I misunderstanding?
Steve.
10-25-2013 1:40 PM
Hi Suresh,
I think I know that requirement - it's basically a FICO Superuser - but I don't think that's a good idea at all:
An option to do that is a tool like SAP GRC Superuser Privilege Management which will allow you you track access to that user and log activities so that you can at least have someone watch these Activities (dual control principle).
I will also be frank and read into your question that you're not an authorization expert - please do yourself a favour and get someone knowledgeable to help you to prevent damage to the company.
I would recommend you challenge the requirement, point out the (obvious) dangers and ask for suggestions and approval on how to deal with them on a governance level.
Kind regards,
Frank.
10-25-2013 3:04 PM
I agree with the statement from Frank.
It is possible but you really don't want this in your system. It is a security issue if one person will get all the authorizations. Your auditor can confirm this.
A good solution might be giving the user display authorizations for FICO, combined with a solution like the Superusers Privilege Managenent to monitor the (temporary) wide authorizations for the user.
Even if you don't have GRC you can build this solution in the system with the help of the developers.
Good luck!
Meta
07-07-2014 2:49 PM
Hi,
From the security Perspective it is advisable to give full access of one module to any user ID.
we need to create new roles according to the business requirement and add those roles to particular user ID.
Regards
Venkat
10-21-2015 1:08 PM
Hello
First discuss with the Process Owners of FICO & get the tcodes for each Job description/Process & once this file is ready start with the development of roles.
Also be carefull of critical tcodes & you can discuss with Process Owners well in advance.
Thanks