06-01-2007 9:02 AM
hello,
with the report RSUSR008_009_NEW sap delivers some templates for critical authorisations like:
SAP_ABAA Administration: All Rights for Background Jobs
SAP_ABJA Administration: Release Background Jobs
SAP_ABNA Administration: Start Background Jobs with Any User
........
knows someone where i can get some templates for other critical authorisation combination like the transaction FD01 is not alowed in the combination with VA01?
I need a check over the authorisation combination in our sap system do find critical
function which one user can use.
I know about the sap product SAP GRC but this software is where expensive
06-05-2007 7:53 PM
Hi Thomas,
I am not sure where you can find such other templates for the report (I also asked a while back whether anyone was interested) so if you are interested in comparing approaches and rule sets then I would be interested in comparing ideas.
Basically, there are 2 big hurdles to pass (in addition to understanding the report and the SAP notes on it):
1) Identify which combinations are in actual fact critical for your company.
2) Find the correct objects / field names / values to populate in the system, so that an accurate result is returned.
For your example mentioned, I would initially define this within the same critical authorization identifier:
F_KNA1_APP APPKZ * AND
F_KNA1_APP ACTVT 1->2 AND
F_KNA1_BUK ACTVT 1->2 AND
V_KNA1_VKO ACTVT 1->2 AND
V_VBAK_AAT ACTVT 1->2 AND
V_VBAK_VKO ACTVT 1->2 AND
But you might need more (like if you have added more restrictions or activated other objects) or less (like if you have Z* programs doing uploads). So the rules need to be system specific, as well as company specific to get the correct result.
One thing which I would recommend, is that you ignore the S_TCODE object when you set this up, because the user might have many other transaction codes to create (e.g. XD01) or change (e.g. FD02, FD03...) an existing customer, or enter a sales order (BAPI_SALESDOCU_CREATEWITHDIA), etc.
Kind regards,
Julius