
where to get the auth grps values from

Former Member
0 Kudos

Hello

I have created a role with different t-codes inserted in the menu tab in PFCG. After I save the role and move on to the Authorization tab there are a lot of yellow lights. I know these auth objects have to be made either inactive or filled in with the authorization values as per the business restrictions. When I try to fill in values for auth grps, for example the value of BRGRU in F_KKK_BEG, it does not have any From and To values. Where do we get this information from? Is it security's responsibility to add these values in the se54 t-code, or do we have to get with the process teams?

Any input on this is highly appreciated

Thanks in advance

KV

5 REPLIES 5

jurjen_heeck
Active Contributor
0 Kudos

> When I try to fill in values for auth grps, for example the value of BRGRU in F_KKK_BEG, it does not have any From and To values.

These groups can be filled in customizing, so I think you need a functional guy to find out if they are configured and how.

(This info should have been in the functional design/spec for your roles.)

Jurjen

Former Member
0 Kudos

Like what Jurjen said, there is no way by which we (security) would know the right values. The functional folks would be the best bet.

ravi

0 Kudos

> Like what Jurjen said, there is no way by which we (security) would know the right values. The functional folks would be the best bet.
>
> ravi

I don't completely agree with this.

Use of auth groups is part of your security design and the security team should be working with the functional team to identify all controls which are achieved via application security.

0 Kudos

> Use of auth groups is part of your security design and the security team should be working with the functional team to identify all controls which are achieved via application security.

Which doesn't invalidate the fact that you need the functional team on this one. If it isn't for all the answers, then it's for the cooperation.

Point taken though.

0 Kudos

> > Use of auth groups is part of your security design and the security team should be working with the functional team to identify all controls which are achieved via application security.
>
> Which doesn't invalidate the fact that you need the functional team on this one. If it isn't for all the answers, then it's for the cooperation.
>
> Point taken though.

You are entirely correct of course.

This is my concept of "doing security" rather than the administrative task of entering values into a role that someone tells you without understanding why they are there and what they are controlling.