Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

template for the report RSUSR008_009_NEW

Thomas_Berger
Participant
0 Kudos

hello,

with the report RSUSR008_009_NEW sap delivers some templates for critical authorisations like:

SAP_ABAA Administration: All Rights for Background Jobs

SAP_ABJA Administration: Release Background Jobs

SAP_ABNA Administration: Start Background Jobs with Any User

........

knows someone where i can get some templates for other critical authorisation combination like the transaction FD01 is not alowed in the combination with VA01?

I need a check over the authorisation combination in our sap system do find critical

function which one user can use.

I know about the sap product SAP GRC but this software is where expensive

1 REPLY 1

Former Member
0 Kudos

Hi Thomas,

I am not sure where you can find such other templates for the report (I also asked a while back whether anyone was interested) so if you are interested in comparing approaches and rule sets then I would be interested in comparing ideas.

Basically, there are 2 big hurdles to pass (in addition to understanding the report and the SAP notes on it):

1) Identify which combinations are in actual fact critical for your company.

2) Find the correct objects / field names / values to populate in the system, so that an accurate result is returned.

For your example mentioned, I would initially define this within the same critical authorization identifier:

F_KNA1_APP APPKZ * AND

F_KNA1_APP ACTVT 1->2 AND

F_KNA1_BUK ACTVT 1->2 AND

V_KNA1_VKO ACTVT 1->2 AND

V_VBAK_AAT ACTVT 1->2 AND

V_VBAK_VKO ACTVT 1->2 AND

But you might need more (like if you have added more restrictions or activated other objects) or less (like if you have Z* programs doing uploads). So the rules need to be system specific, as well as company specific to get the correct result.

One thing which I would recommend, is that you ignore the S_TCODE object when you set this up, because the user might have many other transaction codes to create (e.g. XD01) or change (e.g. FD02, FD03...) an existing customer, or enter a sales order (BAPI_SALESDOCU_CREATEWITHDIA), etc.

Kind regards,

Julius