Can we trap a value from a customised role as SoD
I am attaching a snapshot here. Please look into it before your comments. Here is customised role “Z40R-ALL-PTP-PR_APR_TIER_1” with Auth_Object “M_EINK_FRG” and value “R1”.
N.B: Only ARA and EAM is configured in system (no BRM etc).
I want to check in system, if someone having value R1 in field FRGCO.
Please help me how to done it.
Colleen Hebbert replied
You could build a critical action comprising of a permission only function in ARA. Then you could run risk analysis. You would add object m_eink_frg but only maintain the field frgco and leave other field inactive.
the name of the role is irrelevan. If role name was important then you would flag it as a critical role as part of ARA (not in sod definition though)
if not, suim report in sap for users by complex criteria would also do the trick