06-20-2016 4:43 PM
Hello.
I was asked by the customer to delete unnecessary authorisations assigned to a specific role. I know generally how to find required authorisations(su53) but no idea about the deletion.
I tested it in Tx: SUIM -> Transactions -> Executable for for Role -> Type a role and execute.
In some transactions especially standard ones, I could see the result of related authorisation objects and values. However, on the other hand, there are a lot of transactions show empty especially Z* t-codes.
Should I redesign the role from the scratch? Is there any other way to shorten the time?
P.S. I've also considered to control the accessible t-codes in S_TCODE but someone already put the value 'ALL' in there so it's not easy to review entire transactions maintained in there as well.
Best regards,
Seong Do Lee
06-20-2016 9:21 PM
Hello,
I would not even attempt to remediate a role that had been given full authorization for S_TCODE. If you are fortunate enough to have a tool such as the Action Usage report in GRC 10.x, that could help you rebuild the role based on the tcodes that had been used. Otherwise you might have to rebuild it based on process documentation.
If the Z tcodes have no authorizations associated with them, you might want to counsel the clients on the importance of doing SU24 maintenance on their custom tcodes. You could try doing traces on them to see what authorizations are needed.
Good luck.
Gretchen
06-20-2016 9:21 PM
Hello,
I would not even attempt to remediate a role that had been given full authorization for S_TCODE. If you are fortunate enough to have a tool such as the Action Usage report in GRC 10.x, that could help you rebuild the role based on the tcodes that had been used. Otherwise you might have to rebuild it based on process documentation.
If the Z tcodes have no authorizations associated with them, you might want to counsel the clients on the importance of doing SU24 maintenance on their custom tcodes. You could try doing traces on them to see what authorizations are needed.
Good luck.
Gretchen
06-28-2016 2:24 AM
06-28-2016 2:32 AM
Hi Seong
A couple of things to consider here:
Regards
Colleen