on 03-11-2015 6:31 PM
We have created customized transactions in our Utility Company that have not been correctly assessed in GRC. They have all come back with no risk level. These transactions are usually modelled after standard SAP transactions, with additional functionality.
My objective is to have these transactions assigned the correct authorization object and function i.d.s. As I understand it, function i.d.s group related transactions that allow our Security Analyst to perform the GRC assessment. However, I have to first "tag" these custom transactions with the i.d. before the assessment can be done.
For example, we have "ZF01-Maintain Billing Master Data" as a function i.d. We have grouped all the transactions that are related to the master data of a service address of customer under it.
I am trying to correctly assign similar function ids to the custom transactions.
Thank you, Alessandro.
The process you described is followed by our SAP Security Team. The Function ID that I have to assign to the customized Tcode is in the box in the screenshot above. I am looking to develop the same profile for our customized Tcodes, but I am trying to get an understanding of the association the risk description has with the SAP transaction
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Tony,
you need to maintain SU24 in your backend system and then do the authorization synchronization. Did you do so?
Please also share some screenshots as it is difficult to understand the issue.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.