This website is not affiliated with, sponsored by, or approved by SAP AG.

Transaction codes added manually to Role

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Transaction codes added manually to Role

Postby sapsecadm007 » Thu Aug 23, 2012 10:32 am

Hi All,

If a transaction code is added manually to a Role in PFCG -> Change Authorization data --> Manually add object S_TCODE and some transaction say for example SU01, then if the profile is generated and assigned to a user, will the user be able to perform all activities associated with SU01 or only be able to start SU01.

Thanks,

JD
sapsecadm007
 
Posts: 2
Joined: Thu Aug 23, 2012 10:27 am

Re: Transaction codes added manually to Role

Postby Al. » Fri Aug 24, 2012 3:50 am

Hi,

They will only be able to run the transaction if they have the S_TCODE plus additional auths required to support the end-to-end processing of the transaction.

These auths could be in the role or available in the user master record.
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3049
Joined: Tue Feb 25, 2003 5:35 am
Location: London

Re: Transaction codes added manually to Role

Postby sapsecadm007 » Fri Aug 24, 2012 6:31 am

So in other words if a user has only S_TCODE with SU01 added manually to the assigned role,he will be able to only start SU01 annd not do anything else right.
sapsecadm007
 
Posts: 2
Joined: Thu Aug 23, 2012 10:27 am

Re: Transaction codes added manually to Role

Postby Sharpshooter » Fri Aug 24, 2012 7:22 am

Maybe not even start the transaction - if an auth object is assigned directly to the tcode in SE93, it is checked on transaction start.
I think you could have verified this yourself with a quick test rather than ask here and wait for an answer.
Good luck!
Sharpshooter
 
Posts: 1171
Joined: Wed Mar 17, 2010 12:01 pm
Location: In the dark


Return to SAP Security

Who is online

Users browsing this forum: Yahoo [Bot] and 7 guests





This website is not affiliated with, sponsored by, or approved by SAP AG.