05-29-2007 7:05 PM
Hi there,
Please let me know of examples of Transactions that are linked only to object authorization S_TCODE which grant access to Create/Maintain processes.
Thank You
05-30-2007 5:35 AM
Hi John,
you can find this information using transaction S_BCE_68002030
goto S_BCE_68002030 and type Auth.Object as S_TCODE to get the where-used list.
Award points if helpful,
Regards,
Raju.
05-31-2007 1:32 PM
Hi Raju,
Actually I am interested in sensitive transactions
that grant access to maintain / create / delete etc that are linked in SU24 only to S_TCODE. The reason
is that I have a super user requesting sap_all
access with display only. This is not an appropriate
access to grant a user in production and he asked me
to give him some example of transaction that I
cannot restrict to display only.
Thank you,
John
05-31-2007 1:57 PM
Hi John,
I think in until 4.6C, theres a role call SAP_ALL_DISPLAY
In the new releases this standard role has been removed... In the worst of the cases you could build your own DISPLAY role based on the Auditors requirement.
Hope this help
Juan
Please reward with points if helpful
05-31-2007 2:20 PM
There is no reason for anyone to have SAP_ALL or anything the like.
The approach should NOT be you telling them why not, but the people who say they want it to build a business case why they need it and that should be approved by the BUSINESS Controller or an other person of similar seniority BEFORE even thinking of such a wide access.
So the answer to your question, let the requester do their job properly, if it is an auditor as sugegsted by teh other answer, do not trust someone with such a poor knowledge of security on your system!!!