Search found 294 matches

by jurjen
Sun Aug 18, 2019 5:28 am
Forum: SAP Security
Topic: SAP roles language
Replies: 1
Views: 558

Re: SAP roles language

by jurjen
Wed Dec 02, 2015 3:25 pm
Forum: SAP Security
Topic: Verify Users in BW against ECC
Replies: 3
Views: 5670

Re: Verify Users in BW against ECC

I'd configure the CUA in an empty client on a productive system, or Solman. Solman isn't too bad because that already needs trusted connections to all other systems. Performance is a good thing to think about.
by jurjen
Thu Sep 10, 2015 7:35 am
Forum: SAP Security
Topic: Segregating PFCG role
Replies: 2
Views: 3918

Re: Segregating PFCG role

Whether you need ACTVT 02 or 22 is decided by a configuration switch in PRGN_CUST, called ASSIGN_ROLE_AUTH. See note 312682
by jurjen
Tue Jan 20, 2015 3:47 am
Forum: SAP Security
Topic: sapagdesign xls
Replies: 1
Views: 3058

Re: sapagdesign xls

Nope, sorry. What do you expect from this sheet? Maybe there are other/better ways to solve your issue.
by jurjen
Sat Nov 01, 2014 5:21 am
Forum: SAP Security
Topic: SECATT and Role Name in Quotes
Replies: 5
Views: 6286

Re: SECATT and Role Name in Quotes

Hi Gary, What you still can do is download the roles after creation, delete the quotes in the download file and re-upload.. This download is a fixed record length text file, look for lines starting with AGR_TEXTS. Be aware of the codepage (Unicode) when downloading to avoid loss of special character...
by jurjen
Fri Sep 13, 2013 1:36 am
Forum: SAP Security
Topic: Where are the authorization specialists located?
Replies: 4
Views: 5064

Re: Where are the authorization specialists located?

I am normally not in favor of the "me too" posts but vote along with Henrik for this one.
by jurjen
Wed Aug 21, 2013 8:47 am
Forum: SAP Security
Topic: Authorizations codes for SCWM/MON
Replies: 1
Views: 3409

Re: Authorizations codes for SCWM/MON

Hi Becca,

I suggest you run an ST01 trace to determine the actual authorization requirements for this process.

Jurjen
by jurjen
Fri Feb 15, 2013 3:01 am
Forum: SAP Security
Topic: Role/Transaction matrix report
Replies: 1
Views: 2806

Re: Role/Transaction matrix report

I am not aware of ready made programs but a lot of VBA code for Excel is available on the web. If you look for VBA scripts using RFC_READ_TABLE you should get some interesting hits. The tables you want to query are: AGR_1251 filtered on S_TCODE for transaction access and AGR_1252 for orglevels. For ...
by jurjen
Tue Jan 29, 2013 9:43 am
Forum: SAP Security
Topic: authorization group for a new role
Replies: 4
Views: 3562

Re: authorization group for a new role

Check table TDDAT to see if and which authorization group is linked to the table. If the authorization group (CCLASS) is either empty or "&NC&" ask your developers to assign a group to the table. This does not have to be an existing group.
by jurjen
Thu Nov 01, 2012 3:07 pm
Forum: SAP Security
Topic: Role copied from SAP_ALL without all transactions
Replies: 2
Views: 2295

Re: Role copied from SAP_ALL without all transactions

Please tell us a bit more about the security issue you are facing and/or the requirements you got. Just taking some transactions out of an SAP_ALL copy doesn't sound like a solution to me.
by jurjen
Thu Oct 25, 2012 2:02 pm
Forum: SAP Security
Topic: SE93 - Proper Use
Replies: 5
Views: 3346

Re: SE93 - Proper Use

As far as I know the S_TCODE check is a kernel check so there's no need to put it in SE93 as well.
by jurjen
Mon Sep 24, 2012 4:59 am
Forum: SAP Security
Topic: Authorizations for importing roles via SCC1
Replies: 3
Views: 5141

Re: Authorizations for importing roles via SCC1

So, what's wrong with your developers having different rights in the development client and the test client? As long as the development client always is the starting point of your role transports and no rights are granted to create transports in your test client I do not think there is a real issue....
by jurjen
Thu Sep 20, 2012 6:23 am
Forum: SAP Security
Topic: Authorizations for importing roles via SCC1
Replies: 3
Views: 5141

Re: Authorizations for importing roles via SCC1

In which client are these rights required? The source or the target client?
by jurjen
Fri Jul 27, 2012 12:01 pm
Forum: SAP Security
Topic: Compare frequency
Replies: 2
Views: 1810

Re: Compare frequency

I always go for daily, somewhere between midnight & morning, preferably not when other jobs are running.
by jurjen
Wed Jul 25, 2012 5:21 am
Forum: SAP Security
Topic: Roles for SAP security administrator
Replies: 2
Views: 1814

Re: Roles for SAP security administrator

Nope, but you may be able to extract it from the relevant SAP standard roles. That should give you an idea. (Table AGR_1251, object S_TCODE)