Information about authorization objects and functi...

Former Member · ‎03-11-2015

We have created customized transactions in our Utility Company that have not been correctly assessed in GRC. They have all come back with no risk level. These transactions are usually modelled after standard SAP transactions, with additional functionality.

My objective is to have these transactions assigned the correct authorization object and function i.d.s. As I understand it, function i.d.s group related transactions that allow our Security Analyst to perform the GRC assessment. However, I have to first "tag" these custom transactions with the i.d. before the assessment can be done.

For example, we have "ZF01-Maintain Billing Master Data" as a function i.d. We have grouped all the transactions that are related to the master data of a service address of customer under it.

I am trying to correctly assign similar function ids to the custom transactions.

Former Member · ‎03-12-2015

Thank you, Alessandro.

The process you described is followed by our SAP Security Team. The Function ID that I have to assign to the customized Tcode is in the box in the screenshot above. I am looking to develop the same profile for our customized Tcodes, but I am trying to get an understanding of the association the risk description has with the SAP transaction

alessandr0 · ‎03-12-2015

Dear Tony,

you need to maintain SU24 in your backend system and then do the authorization synchronization. Did you do so?

Please also share some screenshots as it is difficult to understand the issue.

Regards,
Alessandro

Information about authorization objects and function i.d.s in the GRC assessment.

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: ASEGURAMIENTO DE TABLAS

Re: Getting error while Creating role in BRM

Re: How to enable the add, delete,edit system on s...

Re: CJS-30252 Running priviledged function stop of...

Successfactors login issue.