02-28-2014 5:28 AM
Dear All,
Is there a way, other than testing and tracing, we can get to know the list of authorization objects which get checked for various NWBC functionalities?
Or if I move from one Service pack of GRC to another, is some list of new authorization object checks for webdynpro, available?
Thanks
03-02-2014 10:52 PM
Hi Paramjit
You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.
Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes
Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.
Regards
Colleen
02-28-2014 8:44 AM
Dear Paramjit,
it's not exactly what you are looking for but maybe it helps as well. Check the Security Guide for Access Control. You will find this guide in the help portal (SAP Access Control 10.0 – SAP Help Portal Page).
Regards,
Alessandro
03-02-2014 10:52 PM
Hi Paramjit
You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.
Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes
Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.
Regards
Colleen
03-04-2014 6:01 AM
Hi Coleen,
Yes, it looks like browsing through master notes is the only option (other than testing). Thanks for sharing your experience.
Also, I wonder, is step 2B of SU25 of any use for change in authorization checks which might have been introduced for web dynpro components or SU25 helps in transaction based changes only?
Thanks.
03-05-2014 2:09 AM
Hi Paramjit
SU25 should be executed regardless as you still have basis/security/etc transactions
I'm unsure if SAP has maintained it for the webdynpros and you would also need to look at the roles to see how role menu has been built (i.e. if not in role menu Step 2C wont' fix it for you automatically). But there's no harm in considering it as a option to identify changes
End of the day - like any functionality test what you migrate to Production
Regards
Colleen