02-09-2014 5:54 AM
Hi all,
I have some Tcode(TCODE1) that are called in the background on executing certain tcode ( TCODE2).
Currently when i run risk analysis for any role having TCODE1, i also get a violation for TCODE2.
Please tell me how can i control this behaviour?
I do not want the coupled tcodes to be included in risk analysis.
Best Regards,
Khush Bafna.
02-09-2014 11:05 PM
Hi Khush
In the security roles build are both TCODE1 and TCODE2 added to the role (via role menu or manual S_TCODE added)? If so, does that mean the user can directly execute TCODE2 from their menu without going through TCODE1 first?
If that is the case, then TCODE2 should flag as a risk
The only way to exclude the TCODE2 is to change the function definition to remove the action. However, if TCODE2 contributes to a risk you don't want to do this.
If you have a TCODE1 that calls another TCODE2 and you don't want the user to have access you should look at SE97 configuration to switch of S_TCODE check. This way you don't give out S_TCODE = TCODE2 when user needs just TCODE1.
Regards
Colleen
02-09-2014 11:05 PM
Hi Khush
In the security roles build are both TCODE1 and TCODE2 added to the role (via role menu or manual S_TCODE added)? If so, does that mean the user can directly execute TCODE2 from their menu without going through TCODE1 first?
If that is the case, then TCODE2 should flag as a risk
The only way to exclude the TCODE2 is to change the function definition to remove the action. However, if TCODE2 contributes to a risk you don't want to do this.
If you have a TCODE1 that calls another TCODE2 and you don't want the user to have access you should look at SE97 configuration to switch of S_TCODE check. This way you don't give out S_TCODE = TCODE2 when user needs just TCODE1.
Regards
Colleen