Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to fetch authorization matrix from exisiting SAP system?

sujit_sharma
Active Participant
0 Kudos

Dear All,

At present I'm working on a project wherein SAP ECC6.0 EHP7 is being used by the client. They have recently split from parent company and became independent entity.

SAP system is setup using carved out data from parent company. The client is not having any authorization matrix to work with their existing security issues and the parent company is reluctant to provide what they have been using. Security team from parent company says that they were using some tool to address security and SODs which this client do not want to use.

In this case I'm thinking to fetch the authorization information from SAP system itself, however SUIM does not give the whole information.

Is there a way using which we can fetch the complete set of authorization matrix similar to what we create during the implementation ?

Any help of this will be highly appreciated.

Thanks in advance,

Sujit

1 REPLY 1

Rajesh_Naik
Explorer
0 Kudos

Hi Sujit,

Different modules demand different strategies. For modules like FI, CO, MM etc., you could take an AGR_1251 dump for the S_TCODE authorization object. However, for the special module called HR, you might have to spend quite a bit of time. You might have to provide the following information.

1. In case of PA40, you might have to map all the individual actions in the tcode to roles. You could find out the action access to the roles based on the subtype access provided.

2. You might have to map a separate matrix for P_ORGIN and PLOG. Things to note in the object reporting.

     a. In case of P_ORGIN, mapping to be maintained for infotypes (mapped with action names at places where you provide X in a normal matrix) and the organizational restrictions based on personnel area and sub areas.

     b. In case of PLOG, mapping to be maintained for infotypes, and object types depending upon roles.

Hope this gives a brief idea for role matrix build.

Thanks,

Rajesh