SAP 101: Adding Transactions to A Role

Hi all,

Sorry I’ve been so MIA lately… things have really been picking up over here and I haven’t had time to post. Needless to say I haven’t had a second to breathe, but I didn’t want you all to feel left out, so here’s a little post on an SAP Security Best Practice to wet your whistle on this fine Monday morning.

My colleague, Rahul Urs, posted this article a while back and I thought I would piggyback on that for a second. When you are adding transactions to a role, ALWAYS add them via the menu path, NEVER add transactions manually via the authorization object S_TCODE.

One of my customers e-mailed me this week… “A bunch of users are able to execute a transaction that they are not authorized for. We wish to limit access to this transaction to a small number of users. Currently, the transaction is not assigned in any roles and yet many users are able to access it… HELP!” The customer had queried roles by transaction assignment in t-code SUIM, which only shows roles assigned directly via the menu path. I queried roles by complex selection criteria in SUIM for the transaction value in auth object S_TCODE, and I came to learn that 10 of their roles had been updated manually with a * value for S_TCODE.

I was able to fix this by manually inserting a new line item for S_TCODE and pasting the results from table AGR_TCODES for the role. I then inactivated the S_TCODE value for *, but it was quite the clean-up effort and less than ideal from a best practices standpoint.

So as a general rule of thumb: when you are adding transactions to a role, ALWAYS add them via the menu path, NEVER add transactions manually via the authorization object S_TCODE.
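The comparison behind that clean-up can be run offline against table exports. The following is an added example, not part of the original post: it assumes CSV downloads of AGR_TCODES (menu transactions) and AGR_1251 (the standard table of role authorization values, not named in the post), a simplified column layout, and that rows flagged DELETED are inactive; the role names and rows are constructed.

```python
import csv, io, re
# Constructed sample exports of AGR_TCODES (role menu) and AGR_1251 (role
# authorization values); role names and rows are made up for illustration.
AGR_TCODES = """AGR_NAME,TCODE
Z_AP_CLERK,FB60
Z_BASIS_ADMIN,SM37
"""
AGR_1251 = """AGR_NAME,OBJECT,FIELD,LOW,HIGH,DELETED
Z_AP_CLERK,S_TCODE,TCD,FB60,,
Z_AP_CLERK,S_TCODE,TCD,*,,
Z_BASIS_ADMIN,S_TCODE,TCD,SM37,,
Z_BASIS_ADMIN,S_TCODE,TCD,SE16,,
Z_DISPLAY,S_TCODE,TCD,FB*,,
Z_DISPLAY,S_TCODE,TCD,SU01,,X
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def menu_tcodes(agr_tcodes):
    """Map role -> set of transactions assigned through the role menu."""
    menu = {}
    for r in agr_tcodes:
        menu.setdefault(r["AGR_NAME"], set()).add(r["TCODE"].upper())
    return menu

def active_s_tcode(agr_1251):
    """Yield (role, low, high) for active S_TCODE/TCD values only."""
    for r in agr_1251:
        if r["OBJECT"] == "S_TCODE" and r["FIELD"] == "TCD" and not r["DELETED"]:
            yield r["AGR_NAME"], r["LOW"].upper(), r["HIGH"].upper()

def covers(low, high, tcode):
    """True if an S_TCODE value (single, wildcard or range) includes tcode."""
    if high:  # simplified: ranges compared as plain strings
        return low <= tcode <= high
    return re.fullmatch(re.escape(low).replace(r"\*", ".*"), tcode) is not None

def unbacked_values(agr_tcodes, agr_1251):
    """S_TCODE values with no matching menu entry: wildcards, ranges, strays."""
    menu = menu_tcodes(agr_tcodes)
    return sorted((role, low, high) for role, low, high in active_s_tcode(agr_1251)
                  if "*" in low or high or low not in menu.get(role, set()))

def hidden_grants(tcode, agr_tcodes, agr_1251):
    """Roles that allow tcode via S_TCODE although it is absent from their menu."""
    menu = menu_tcodes(agr_tcodes)
    return sorted({role for role, low, high in active_s_tcode(agr_1251)
                   if covers(low, high, tcode) and tcode not in menu.get(role, set())})
```

`hidden_grants` answers the customer's question for one transaction, while `unbacked_values` lists every manual S_TCODE entry that needs review before a wildcard is inactivated.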

Happy Monday!

Tracy


COME HEAR ME SPEAK: ASUG OHIO CHAPTER MEETING 7/25/2014

This year, itelligence is hosting ASUG Ohio’s Annual Chapter Meeting at our US headquarters in Cincinnati.

 

I, along with two other members of the GRC practice, will be speaking at the event. Here is an overview of the agenda as well as some further information on what our sessions will cover:


User Management Primer in SAP HANA and Best Practices for managing Security and Controls in SAP HANA and SAP BW on HANA. Rahul Urs, GRC Solution Architect, http://rahulurs.com/sap/

Learn How to Use Continuous Compliance Monitoring with GRC Process Control 10.1. Tracy Levine and Brian Merkel, SAP Application Consultants


Registration has not yet begun, but more information about the event and pending registration info. can be found here.

Happy 4th of July!

Tracy