on 05-16-2008 11:21 AM
Hi Experts,
Can you please provide the most critical SOX transactions in SAP R/3?
Also, please provide the associated risk description.
Best Regards,
Jagat
Hello,
Although there might be many SOX critical transactions, I have prepared a handy list of some of the most critical ones.

| TCODES | Critical Risk Description |
|---|---|
| F.80 | Mass Reversal of Documents |
| FI12 | Change House Banks/Bank Accounts |
| F.34 | Credit Limit Mass Changes |
| CA87 | Mass Replace Work Center |
| CL04 | Delete Class |
| CAT6 | Human Resources |
| IP30 | Run Date Monitoring |
| LN08 | Number range maint.: LVS_LENUM |
| PA20 | Display HR Master Data |
| PA70 | Fast Entry |
| PA30 | Maintain HR Master Data |
| PFCG | Role Maintenance - System integrity, stability at risk |
| MMPV | Close Periods |
| MMRV | Allow Posting to previous Period |
| RZ04 | Maintain SAP Instances |
| SU01 | User Maintenance - Should be restricted to User Admins only |
| SA38 | ABAP Reporting - Can run programs not protected appropriately |
| SCC1 | Client Copy - Special Selections |
| SCC4 | Client Admin. - System stability & integrity at risk |
| SCC5 | Delete Client - System stability at risk |
| SCC6 | Client Import - System stability & integrity at risk |
| SCCL | Local Client Copy - System stability & integrity at risk |
| SE01 | Transport Organizer - System stability & integrity at risk |
| SE11 | Data Dictionary Maint. - System stability & integrity at risk |
| SE13 | Maintain tech tables settings - System stability at risk |
| SE16 | Data Browser - Exposure to confidential information |
| SE37 | Function Builder |
| SE38 | ABAP Editor - System stability & integrity at risk |
| SM01 | Lock Transactions - System stability at risk |
| SM02 | System Messages - Should be restricted to System Admins only |
| SM30 | Table Maintenance - System integrity & stability at risk |
| SM49 | Execute OS commands - System stability at risk |
| SU02 | Profile Maintenance - System stability and integrity at risk |

Thanks & Best Regards,
Amol Bharti
Hi Experts,
Could you provide a list of critical SOX authorization objects in SAP R/3?
Best Regards,
Roberto Paiva
All companies and auditors (external/internal) have a different view on what is a CRITICAL transaction, although there is probably a core. These lists change depending upon which version of SAP you are working with and, strangely enough, the countries you work in as well.
I have a list of about 100 Tcodes that I obtained from a UK-based Big 4 team.

| Function ID Description | TCODE | T-code Description |
|---|---|---|
| Process Vendor Invoices | MRRS | Evaluated Receipt Settlement |
| Credit Management | F.34 | Credit Management - Mass Change |
| Archiving | KA10 | Archive cost centers (all) |
| Archiving | KA12 | Archive cost centers (plan) |
| Archiving | KA16 | Archive cost centers (line items) |
| Archiving | KA18 | Archive admin: assess., distr., ... |
| Archiving | SARA | Archive Administration |
| Archiving | VARK | Archiving |
| Basis Development | SE11 | ABAP Dictionary |
| Basis Development | SE13 | Maintain Technical Settings (Tables) |
| Basis Development | SE37 | ABAP Function Modules |
| Basis Development | SE38 | ABAP Editor |
| Basis Development | SE93 | Maintain Transaction Codes |
| Basis Table Maintenance | SE16 | Data Browser |
| Basis Table Maintenance | SM30 | Call View Maintenance |
| Basis Table Maintenance | SM31 | Call View Maintenance Like SM30 |
| Basis Table Maintenance | SPRO | Customizing - Edit Project |
| Basis Utilities | SE41 | Menu Painter |
| Client Administration | SCC1 | Client Copy - Special Selections |
| Client Administration | SCC4 | Client Administration |
| Client Administration | SCC5 | Delete Client |
| Client Administration | SCC7 | Post-Client Import Methods |
| Client Administration | SCC8 | Client Export |
| Client Administration | SCC9 | Remote Client Copy |
| Client Administration | SCCL | Local Client Copy |
| Configuration | RZ04 | Maintain SAP Instances |
| Configuration | RZ06 | Alerts Thresholds Maintenance |
| Configuration | SM63 | Display/Maintain Operating Mode Sets |
| Configuration | SMLG | Maint.Assign. Logon Grp to Instance |
| Configuration | RZ10 | Maintain Profile Parameters |
| Configuration | SM49 | Execute external OS commands |
| Configuration | SM69 | Maintain External OS Commands |
| Create Transport | SE06 | Set Up Transport Organizer |
| Create Transport | SE09 | Transport Organizer |
| Create Transport | SE10 | Transport Organizer |
| Create Transport | SE01 | Transport Organizer (Extended) |
| Perform Transport | STMS | Transport Management System |
| Security Administration | PFCG | Role Maintenance |
| Security Administration | SM19 | Security Audit Configuration |
| Security Administration | SU01 | User Maintenance |
| Security Administration | SU02 | Maintain Authorization Profiles |
| Security Administration | SU10 | User Mass Maintenance |
| Security Administration | SU12 | Mass Changes to User Master Records |
| Security Administration | SU03 | Maintain Authorizations |
| Security Administration | SU05 | Maintain Internet Users |
| Security Administration | SU20 | Maintain Authorization Fields |
| Security Administration | SU21 | Maintain Authorization Objects |
| Security Administration | SU22 | Auth. Object Usage in Transactions |
| System Administration | OBR1 | Delete Documents |
| System Administration | SM01 | Lock Transactions |
| System Administration | SM12 | Display and Delete Locks |
| System Administration | SM51 | List of SAP Systems |
| System Administration | SM54 | TXCOM Maintenance |
| System Administration | SM55 | THOST Maintenance |
| System Administration | SM56 | Number Range Buffer |
| System Administration | SM58 | Asynchronous RFC Error Log |
| System Administration | SM59 | RFC Destinations (Display/Maintain) |
| System Administration | SMLT | Language Management |
| System Administration | SPAD | Spool Administration |
| System Administration | SM50 | Work Process Overview |
| Transport Administration | SE01 | Transport Organizer (Extended) |
| Transport Administration | SPAM | Support Package Manager |
| Transport Administration | SE06 | Set Up Transport Organizer |
| Transport Administration | SE09 | Transport Organizer |
| Transport Administration | SE10 | Transport Organizer |
| Transport Administration | STMS | Transport Management System |
| Maintain User Master | SU05 | Maintain Internet Users |
| Maintain User Master | PFCG | Role Maintenance |
| Maintain User Master | SU01 | User Maintenance |
| Maintain User Master | SU10 | User Mass Maintenance |
| Maintain User Master | SU12 | Mass Changes to User Master Records |
| Maintain Profiles / Roles | SU02 | Maintain Authorization Profiles |
| Maintain Profiles / Roles | SU03 | Maintain Authorizations |
| Maintain Profiles / Roles | SU20 | Maintain Authorization Fields |
| Maintain Profiles / Roles | SU21 | Maintain Authorization Objects |
| Maintain Profiles / Roles | SU22 | Auth. Object Usage in Transactions |
| Maintain Profiles / Roles | PFCG | Role Maintenance |
| Maintain Bank Master Data | FI01 | Create Bank |
| Maintain Bank Master Data | FI02 | Change Bank |
| Maintain Bank Master Data | FI06 | Set Flag to Delete Bank |
| Maintain Posting Periods | MMPV | Close Periods |
| Maintain Posting Periods | OB52 | C FI Maintain Table T001B |
| Post Journal Entry | F.80 | Mass Reversal of Documents |
| Goods Movements | MB04 | Subsequ.Adj.of "Mat.Provided"Consmp. |
| Maintain Material Master Data | MMDE | Delete All Materials |
| Maintain Purchase Order | ME59 | Automatic Generation of POs |
| Maintain Purchase Order | MEMASSPO | Mass Change of Purchase Orders |
| EBP / SRM Product Maintenance | COMMPR02 | #N/A |
