Clik here to view.
Re: S_TABU_DIS automatically activated in roles in Dev, QA and Prod
Hello Naveed, As you may know authorization objects are assigned to transactions. You can see this assignment using either transactions SU22 or SU24. You can see SE16 transaction's assigned...
View ArticleRe: Access Cleaning in SAP ECC6.0
Hi, Finding out the used t-code by a user can be known if audit log is configured,There is a Symantic GRC tool (third party tool) which helps to find out the used t-code over 6 months....
View ArticleRe: Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL...
You should segregate the task and then create the roles depends on the tasks. You can’t have all in one role then want to restrict by user.The SCC4 and other basis related transactions should be only...
View ArticleRe: User able to see EN language for specific t-codes(ME*)
Hi Shanmukh, Root cause of this issue is hidden in AGR_HIERT table where you will find Japanese descriptions are not maintained for those concerned transactions. You can maintain this text through...
View ArticleRe: Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL...
First of, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles. But if we're being practical, you could use authorization groups for tables...
View ArticleEntries in USR02
Dear Experts, If Users log-in only through Portal not via GUI, will the last logon date and time captured in USR02 table.if this table does not capture where the entry, then where is tracked and how...
View ArticleF.19 without granting direct access to FBB1
Dear all,I know that F.19 after creating BI-session calls transaction FBB1. But we do not want to give direct access to users. Only in background when processing BI-session.Is there anyone who has an...
View ArticleRe: User in hr can able to create records in PA30.But will give read only...
Hi Van, Thank you for your reply. Yes i agree structural profile will not grant read or write access to info types. But we give write/change access to particular object (lets take Org unit(O) in PLOG)...
View ArticleRe: Options of login module "DigestLoginModule"
Hi, Please read the following note:http://service.sap.com/sap/support/notes/2028823 It is valid for all releases. The DigestLoginModule is not officially supported by SAP. BR,Ivan
View ArticleRe: Entries in USR02
Hi, if you want to track activities of users then you have to use something that was designed for this. In case of ABAP AS there is security audit (SM19/SM20). For Java AS there is security log that...
View ArticleCUA issue; after roles are removed systems assigned to users remain?
Hello, I've had this specific issue with CUA for some time, but haven't needed to try and resolve until now. The problem is this:- after security roles for a user have been removed for an entire...
View ArticleRe: how and where to look for information about SAP vulnerabilities
Hi Jedrzej, The related SAP Notes for all of those are in the vendors advisory publication (look under the Affected Components section). If you have the SAP Note then it will tell you which version/s...
View ArticleClik here to view.
Re: how and where to look for information about SAP vulnerabilities
Thanks for help Alex - i couldn't find it in given to me links with advisories, but after gogling other sources i found proper SAP notes I can sleep well, when i know that for these four version 4.1...
View ArticleClik here to view.
Re: User in hr can able to create records in PA30.But will give read only...
Sorry did not get the below comment."The maintain flag in the structural profile does not relate to any maintenance authorization in PA. It only affects the OM objects authorized by the structural...
View ArticleClik here to view.
Re: User in hr can able to create records in PA30.But will give read only...
Yes the total authorization concept is an intersection of structural and general authorizations. The difference however, is that you could think of it the following way:Structural authorization...
View ArticleClik here to view.
Re: SM20 Reports
Przemek, That is a very good point that you make. I think there is a bug in the SM20N report. I will try to attach a picture of the output but essentially this is what I see in the output: Severe and...
View ArticleRe: SM20 Reports
Hi Mark, It may be a side point, but there is a very document about how to configure SM19/SM20. Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20) Have a look if not already....
View ArticleRe: SM20 Reports
You should not (and cannot successfully) admin lock DDIC. You can reschedule the basis jobs to run under a different step user though to reduce its authorization requirements, but you cannot remove all...
View ArticleRe: SM20 Reports
Could be a display bug which uses the wrong text. The results are however correct. Which SAP release and kernel are you on? Cheers,Julius
View ArticleRe: SM20 Reports
ps: looking at your log, I will eat my hat if is not the case of a SOLMAN sandbox system which is still "alive" and using DDIC for the RFC calls. DDIC user does not support trusted RFC, so the user is...
View Article