This website is not affiliated with, sponsored by, or approved by SAP AG.

Conflicts under the SAP Transaction Authorisation.


Postby CMB2012 » Fri Feb 10, 2012 3:51 am

Hello,
We are developing the role-based, non-conflicting SAP authorisation matrix and are trying to find out the conflicts in the SAP authorisations provided to users of the SAP modules – Project System (PS), Financial Accounting (FI), Controlling (CO), Selling & Distribution (SD).

Can anybody help me to find out such conflicts in SAP transaction authorisation?
CMB2012
 
Posts: 5
Joined: Fri Feb 10, 2012 12:44 am

Re: Conflicts under the SAP Transaction Authorisation.

Postby Gary Morris » Thu Aug 02, 2012 1:52 pm

You cannot really focus on transactions when it comes to conflicts.

You can get a High Risk Matrix from the internet showing two FI tcodes that one user should not have, but that is not usually what you need.

Instead you need to focus on the authorization objects and values, particularly "shared" authorization objects that more than one tcode requires.

There are many transactions that end in 01, 02, 03, such as xx01, xx02, xx03, that all call the same initial screen (same program).
What makes them create, change or display is not the tcode but an authorization object that they all require and the activity field.

Creating a matrix that includes these authorization objects and the tcodes is what reveals true conflicts.
Transactions share the authorization objects, and sometimes it is not possible to limit someone to display only on a particular transaction because the auth object is required by another tcode that they want the user to have.

If you just need a list of conflicts, try getting a copy of the tables for this from the internet, such as a High Risk Segregation of Duties matrix or tables downloaded from SAP after GRC has been set up, or Virsa. There are spreadsheets out there that show how to set up the RSUSUR009 report or USKRIA tables that list the exact combination of authorizations and values combined with others that will create SOD issues. Of course each company is different as to what is considered an SOD or High Risk issue in their company. Some things are obvious for all companies, but even then companies will decide to allow it for a user and log their activity to satisfy auditors.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas
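
The object-level matrix described in the post above, sketched as an added example that is not part of the original thread: it merges the activity values a user receives from all roles and tests SoD rules against them, next to a tcode-pair check for comparison. Role names, role contents and both rule sets are constructed sample data, and only the activity field (ACTVT: 01 create, 02 change, 03 display) is modelled; a real check evaluates all fields of an authorization together.

```python
# Added example: SoD check on authorization objects and activities, not tcodes.
# Role contents and rules are constructed sample data, not SAP-delivered content.
from collections import defaultdict

# role -> (tcodes in the role menu, [(authorization object, ACTVT values)])
ROLES = {
    "Z_VENDOR_DISPLAY": ({"FK03"}, [("F_LFA1_BUK", {"03"})]),
    "Z_INVOICE_ENTRY": ({"FB60"}, [("F_BKPF_BUK", {"01"}),
                                   ("F_LFA1_BUK", {"02", "03"})]),
    "Z_FI_ADMIN": ({"FB03"}, [("F_BKPF_BUK", {"*"})]),
}

# Each SoD rule pairs two functions; a function is the set of
# (object, activity) authorizations that makes it possible.
SOD_RULES = {
    "Maintain vendor master AND post vendor invoice": (
        {("F_LFA1_BUK", "02")}, {("F_BKPF_BUK", "01")}),
}
# The same risk expressed as a tcode-pair matrix, for comparison.
TCODE_RULES = {
    "Vendor maintenance AND invoice posting": ({"FK01", "FK02"}, {"FB60"}),
}

def effective_auths(role_names):
    """Union of ACTVT values per object across all of a user's roles."""
    merged = defaultdict(set)
    for name in role_names:
        for obj, activities in ROLES[name][1]:
            merged[obj] |= activities
    return merged

def has_function(auths, function):
    """True if every (object, activity) is granted; '*' matches any activity."""
    return all(act in auths.get(obj, ()) or "*" in auths.get(obj, ())
               for obj, act in function)

def object_conflicts(role_names):
    auths = effective_auths(role_names)
    return sorted(risk for risk, (f1, f2) in SOD_RULES.items()
                  if has_function(auths, f1) and has_function(auths, f2))

def tcode_conflicts(role_names):
    tcodes = set().union(*(ROLES[r][0] for r in role_names))
    return sorted(risk for risk, (a, b) in TCODE_RULES.items()
                  if tcodes & a and tcodes & b)

if __name__ == "__main__":
    for roles in (["Z_VENDOR_DISPLAY", "Z_INVOICE_ENTRY"],
                  ["Z_VENDOR_DISPLAY", "Z_FI_ADMIN"]):
        print(roles, tcode_conflicts(roles), object_conflicts(roles))
```

For the first role combination the tcode-pair check reports nothing, while the object-level check flags the risk because the shared object carries change activity from the second role.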

Re: Conflicts under the SAP Transaction Authorisation.

Postby CMB2012 » Fri Aug 03, 2012 12:08 am

Hello Gary Morris,

Thank you very much for your reply, as it was unanswered for quite a long time. You have shared very useful information.
We have worked on the SOD principles and developed the matrix with objects and activities, wherein we tried to avoid the conflicts to the extent possible.

Once again thanks for your contribution.

With warm regards
C M Bhagat,
Linde, India
Chandravadan.bhagat@linde-le.com
CMB2012
 
Posts: 5
Joined: Fri Feb 10, 2012 12:44 am

