Re:Examples of objects authorizations linked only ...

Former Member · ‎05-29-2007

Hi there,

Please let me know of examples of Transactions that are linked only to object authorization S_TCODE which grant access to Create/Maintain processes.

Thank You

Former Member · ‎05-30-2007

Hi John,

you can find this information using transaction S_BCE_68002030

goto S_BCE_68002030 and type Auth.Object as S_TCODE to get the where-used list.

Award points if helpful,

Regards,

Raju.

Former Member · ‎05-31-2007

Hi Raju,

Actually I am interested in sensitive transactions

that grant access to maintain / create / delete etc that are linked in SU24 only to S_TCODE. The reason

is that I have a super user requesting sap_all

access with display only. This is not an appropriate

access to grant a user in production and he asked me

to give him some example of transaction that I

cannot restrict to display only.

Thank you,

John

JPReyes · ‎05-31-2007

Hi John,

I think in until 4.6C, theres a role call SAP_ALL_DISPLAY

In the new releases this standard role has been removed... In the worst of the cases you could build your own DISPLAY role based on the Auditors requirement.

Hope this help

Juan

Please reward with points if helpful

Former Member · ‎05-31-2007

There is no reason for anyone to have SAP_ALL or anything the like.

The approach should NOT be you telling them why not, but the people who say they want it to build a business case why they need it and that should be approved by the BUSINESS Controller or an other person of similar seniority BEFORE even thinking of such a wide access.

So the answer to your question, let the requester do their job properly, if it is an auditor as sugegsted by teh other answer, do not trust someone with such a poor knowledge of security on your system!!!

Re:Examples of objects authorizations linked only to S_TCODE