Search found 493 matches

by henrik
Tue Jun 16, 2015 5:55 pm
Forum: SAP Security
Topic: SAP Treasury & Risk Management
Replies: 1
Views: 3990

Re: SAP Treasury & Risk Management

One way could be to identify all roles that provides access to the Treasury and Risk management transaction and then use that to either automatically assign license type to the users with these roles. This is how it was done at a client I worked for who used IS RealEstate... SAP seemed happy with th...
by henrik
Sun Mar 15, 2015 9:25 pm
Forum: SAP Security
Topic: LICENSE_ATTRIBUTES and assigning license to roles
Replies: 3
Views: 3856

Re: LICENSE_ATTRIBUTES and assigning license to roles

Hi Gary, I have implemented this a couple of times with clients, and it works quite well. Don't assign license type to the users at all, and let the system do the calculation for you. I have used it with IdM scenarios, where it can be difficult to "calculate" the right license type to assign. By hav...
by henrik
Sun Dec 08, 2013 5:08 pm
Forum: SAP Security
Topic: Auths object F_BKPF_BUK
Replies: 3
Views: 4798

Re: Auths object F_BKPF_BUK

For some strange reason, some people are under the impression that the auth objects only work within the role they are assigned through, so in your case, the F.90 role should not have any impact on the FB08 role.
Of course that is nonsense, but I have seen that belief being argued several times...
by henrik
Thu Sep 12, 2013 10:54 pm
Forum: SAP Security
Topic: Where are the authorization specialists located?
Replies: 4
Views: 5009

Re: Where are the authorization specialists located?

Just to echo Alex... I have seen the same, and my preference is probably to have it located with the functional support team. That allows for more interaction with the people supporting the business processes. Makes it easier to come up with the best solutions for the business, rather than focusing ...
by henrik
Sun Sep 08, 2013 10:13 pm
Forum: SAP Security
Topic: authorisation
Replies: 3
Views: 4273

Re: authorisation

Nothing in the link I posted?
by henrik
Thu Aug 29, 2013 7:20 pm
Forum: SAP Security
Topic: authorisation
Replies: 3
Views: 4273

Re: authorisation

Google?
http://mojoe.info/wp-content/uploads/BP ... sguide.pdf
I realise it's old, but could be a decent place to start

:-)
by henrik
Mon Jul 29, 2013 11:22 pm
Forum: SAP Security
Topic: TA GRE0 / Report RGRGRIX4 Extracts
Replies: 1
Views: 2285

Re: TA GRE0 / Report RGRGRIX4 Extracts

You could go down the transaction variant path, and remove the option to change the radio button to select other user's extract.

Without going into too much detail, I don't really see any other methongs. Nothing stands out...
by henrik
Tue Jun 25, 2013 10:38 pm
Forum: SAP Security
Topic: production order report authorization
Replies: 1
Views: 2681

Re: production order report authorization

object C_AFKO_AWK should be checked in that transction. Have you tried restricting access using that?
/henrik
by henrik
Tue May 07, 2013 10:29 pm
Forum: SAP Security
Topic: Tcode FV63 is not a directly accessed Tocde
Replies: 1
Views: 2624

Re: Tcode FV63 is not a directly accessed Tocde

Is it possible to run the workflow under different account, i.e. batchuser?
If not, you're out of luck I'm afraid. You can't grant access to a transaction code in one scenario and not in another...

/henrik
by henrik
Thu Apr 11, 2013 6:54 pm
Forum: SAP Security
Topic: SoD - Authorization Objects
Replies: 5
Views: 6475

Re: SoD - Authorization Objects

Regarding the tool - What Al said :-) Rule sets are what makes a tool valuable - well, not the whole picture, but you know what I'm getting at (I hope :) ) I only ask to get an idea of the magnitude of your task. There are many variables to take into consideration. For instance - how do you handle d...
by henrik
Tue Apr 09, 2013 10:41 pm
Forum: SAP Security
Topic: SoD - Authorization Objects
Replies: 5
Views: 6475

Re: SoD - Authorization Objects

1) you are right, the combination of those two tables should give you most of what you are after. Just remember to adjust for validity date :-) 2) I think the only option - which is nowhere near perfect - is to look at USOBT and USOBX. Make sure you only look at the OKFLAG = Y in USOBX. These are th...
by henrik
Thu Oct 25, 2012 4:58 pm
Forum: SAP Security
Topic: SE93 - Proper Use
Replies: 5
Views: 3277

Re: SE93 - Proper Use

I fully agree that it's pointless with S_TCODE check in SE93 in "modern" versions of SAP. Back before the S_TCODE check was introduced as standard, it made sense. Technically, you can turn the S_TCODE check off, but that will also turn off the profile generator, so not really likely to happen anywhe...
by henrik
Mon Oct 08, 2012 5:14 pm
Forum: SAP Security
Topic: Adding single to composite - role doesn't exist
Replies: 3
Views: 2785

Re: Adding single to composite - role doesn't exist

Hi Gary,
Yes, that might very well be the case.

Any wise words on how to fix the issue? And why is it only happening sometimes?
by henrik
Thu Sep 27, 2012 12:25 am
Forum: SAP Security
Topic: Adding single to composite - role doesn't exist
Replies: 3
Views: 2785

Adding single to composite - role doesn't exist

Hi, A bit perplexed here... I am trying to add a single role to a composite. The single role exists, and I can see it in SUIM and PFCG. However, when I try to add it to the composite, it says that it doesn't exist, and I can't even find it through the dropdown - in fact, I can't find any roles throu...