Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorisation checks in NWBC

Former Member
0 Kudos

Dear All,

Is there a way, other than testing and tracing, we can get to know the list of authorization objects which get checked for various NWBC functionalities?

Or if I move from one Service pack of GRC to another, is some list of new authorization object checks for webdynpro, available?

Thanks

1 ACCEPTED SOLUTION

Colleen
Advisor
Advisor
0 Kudos

Hi Paramjit

You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.

Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes

Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.

Regards

Colleen

4 REPLIES 4

alessandr0
Active Contributor
0 Kudos

Dear Paramjit,

it's not exactly what you are looking for but maybe it helps as well. Check the Security Guide for Access Control. You will find this guide in the help portal (SAP Access Control 10.0 – SAP Help Portal Page).

Regards,

Alessandro

Colleen
Advisor
Advisor
0 Kudos

Hi Paramjit

You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.

Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes

Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.

Regards

Colleen

Former Member
0 Kudos

Hi Coleen,

Yes, it looks like browsing through master notes is the only option (other than testing). Thanks for sharing your experience.

Also, I wonder, is step 2B of SU25 of any use for change in authorization checks which might have been introduced for web dynpro components or SU25 helps in transaction based changes only?

Thanks.

0 Kudos

Hi Paramjit

SU25 should be executed regardless as you still have basis/security/etc transactions

I'm unsure if SAP has maintained it for the webdynpros and you would also need to look at the roles to see how role menu has been built (i.e. if not in role menu Step 2C wont' fix it for you automatically). But there's no harm in considering it as a option to identify changes

End of the day - like any functionality test what you migrate to Production

Regards

Colleen