Showing posts with label SAP SECURITY AUTHORIZATION. Show all posts

Sunday, 19 July 2015

SUIM Reports/ABAP Reports Required for SAP Security Team


RSUSR000     Currently Active Users

RSUSR002     Users by Complex Selection Criteria

RSUSR002_ADDRESS     Select users by address data

RSUSR003     Check the Password Status of Users SAP* and DDIC in All Clients

RSUSR004     Restrict User Values to the Following Simple Profiles and Auth. Objects

RSUSR005     List of Users with Critical Authorizations

RSUSR006     Locked Users and Users with Incorrect Logons

RSUSR007     Display Users with Incomplete Address Data

RSUSR008     Critical Combinations of Authorizations at Transaction Start

RSUSR008_009_NEW     List of Users with Critical Authorizations

RSUSR009     List of Users With Critical Authorizations

RSUSR010     Transactions for User, with Profile or Authorization

RSUSR011     Lists of transactions after selection by user, profile or objects

RSUSR012     Search authorizations, profiles and users with specified object values

RSUSR020     Profiles by Complex Selection Criteria

RSUSR030     Authorizations by Complex Selection Criteria

RSUSR040     Authorization Objects by Complex Selection Criteria

RSUSR050     Comparisons

RSUSR060     Where-used lists

RSUSR061     Enter Authorization Fields

RSUSR070     Roles by Complex Selection Criteria

RSUSR080     Users by License Data

RSUSR100     Change Documents for Users

RSUSR101     Change Documents for Profiles

RSUSR102     Change Documents for Authorizations

RSUSR200     List of Users According to Logon Date and Password Change

RSUSR300     Set External Security Name for All Users

RSUSR301     Fill non-checking transactions with auth. object S_TCODE

RSUSR302     Delete authorization check on object S_TCODE from table TSTCA

RSUSR304     Reload Table TSTCA From Table TSTCA_C

RSUSR400     Test Environment Authorization Checks (SAP Systems Only)

RSUSR401     Report to give all SAPCPIC users profile S_A.CPIC

RSUSR402     Download user data for CA manager from Secude

RSUSR403     Assign Profile S_A.CPIC to User SAPCPIC in Current Client

RSUSR404     Conversion Program for Authorizations of Basis Development Environment

RSUSR405     Reset all user buffers in all clients (uncritical)

RSUSR406     Automatically Generate Profile SAP_ALL

RSUSR406_OLD     Automatically Generate Profile SAP_ALL

RSUSR408     XPRA: Conversion of USOBX-OKFLAG, USOBX-MODIFIED for upgrade tool

RSUSR409     Transfer all translated titles to generated transaction codes

RSUSR421     Clean-up report: TSTC-CINFO if no check in TSTCA

RSUSR500     User Administration: Compare Users in Central System

RSUSR500D     Report RSUSR500D

RSUSR998     Call Reporting Tree Info System

RSUSREXT     Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)

RSUSREXTID     Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)

RSUSRLOG     Log Display for Central User Administration

RSUSRSCUC     CUA: Synchronization of the Company Addresses

RSUSRSUIM     User Information System

RSUSR_S_USER_SAS     Activate Authorization Object S_USER_SAS

RSUSR_S_USER_SAS_01     Complete Authorization Data for S_USER_SAS in Roles

RSUSR_S_USER_SAS_02     Convert Authorization Defaults

RSUSR_SYSINFO_PROFILE     Report cross-system information/profile

RSUSR_SYSINFO_ROLE     Report cross-system information/role

RSUSR_SYSINFO_ZBV     Report cross-system information/CUM

Wednesday, 15 July 2015

Critical Authorization Objects



| S.No | Auth. Object | Description |
|------|--------------|-------------|
| 1 | S_TABU_DIS | Used to protect tables using authorization groups with activity |
| 2 | S_TABU_CLI | Auth object used to protect cross-client tables |
| 3 | S_TABU_LIN | Auth object used to protect tables based on line items |
| 4 | S_TABU_NAM | New auth object for table access based on names |
| 5 | S_PROGRAM | Used to run ABAP reports/programs via SA38 |
| 6 | S_DEVELOP | Auth object used to control ABAP objects or debug access |
| 7 | S_USER_AGR | Used to control roles |
| 8 | S_USER_AUT | Checked during authorization maintenance |
| 9 | S_USER_GRP | Used to control user groups |
| 10 | S_USER_PRO | Used for profile maintenance |
| 11 | S_BDC_MONI | Used to protect batch input monitoring |
| 12 | S_BTCH_JOB | Used for background job monitoring and administration |
| 13 | S_BTCH_ADM | Used for background job administration |
| 14 | S_BTCH_NAM | User-level control for background job scheduling |
| 15 | S_SPO_ACT | Used for spool administration which controls S_ADMI_FCD |
| 16 | S_ADMI_FCD | Basis administration like spool and monitoring |
| 17 | S_SPO_PAGE | Used to control the name of the output device and the number of pages |

Friday, 28 November 2014

How to Disable Access to INFOTYPE 0008 in HR Security



Infotype 0008 lets users look at other employees' basic pay, which is confidential and needs to be protected, so we must restrict this access for the users who have access to HR data.

Here I will tell you how to achieve it.

1. Go to SE16N, open the table TOBJ (Authorization Objects), enter the field value INFTY and execute.

2. You can now see all the authorization objects that have the field INFTY. Next, we need to check which tcodes have access to the authorization objects that have the field INFTY.

3. Go to table TSTCA in tcode SE16N and enter the list of authorization objects.

4. Now execute, and you will get a list of tcodes that have the authorization field INFTY. Remove the duplicate values in Excel and you will get the list of HR tcodes: PA20, PA30, PA40, etc.

5. That's it, you are almost done. Now check who has access to infotype 0008 in HR data (or for whom you want to disable it) by pulling a report in SUIM, and make the changes in the corresponding roles assigned to those users.

Hope this document is helpful to you, and do share :)
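
The TOBJ and TSTCA lookups from steps 1 to 4 can also be joined and deduplicated by script instead of in Excel. The following is an added example, not part of the original post; it assumes the two SE16N results were exported as semicolon-delimited text with technical field names (OBJCT, FIEL1..., TCODE), and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows standing in for SE16N exports (not real system output).
TOBJ_EXPORT = """OBJCT;FIEL1;FIEL2;FIEL3;FIEL4
P_ORGIN;INFTY;SUBTY;AUTHC;PERSA
P_PERNR;AUTHC;PSIGN;INFTY;SUBTY
S_TCODE;TCD;;;
S_TABU_DIS;DICBERCLS;ACTVT;;
"""
TSTCA_EXPORT = """TCODE;OBJCT;FIELD;VALUE
PA20;P_ORGIN;INFTY;
PA20;P_ORGIN;AUTHC;R
PA30;P_ORGIN;INFTY;
pa40 ;P_PERNR;INFTY;
SM30;S_TABU_DIS;ACTVT;03
"""

def read_rows(text, delimiter=";"):
    """Parse an export into dicts, normalising case and stray whitespace."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    return [{k.strip().upper(): (v or "").strip().upper()
             for k, v in row.items() if k is not None} for row in reader]

def objects_with_field(tobj_rows, field="INFTY"):
    """Steps 1-2: authorization objects that carry `field` in any FIEL* column."""
    return {r["OBJCT"] for r in tobj_rows
            if any(v == field for k, v in r.items() if k.startswith("FIEL"))}

def tcodes_checking(tstca_rows, objects):
    """Steps 3-4: tcode -> matching objects, with duplicate rows collapsed."""
    hits = defaultdict(set)
    for r in tstca_rows:
        if r["OBJCT"] in objects:
            hits[r["TCODE"]].add(r["OBJCT"])
    return dict(sorted(hits.items()))

def infty_tcodes(tobj_text, tstca_text, field="INFTY"):
    """Join both exports: which tcodes check an object containing `field`."""
    objs = objects_with_field(read_rows(tobj_text), field)
    return tcodes_checking(read_rows(tstca_text), objs)

if __name__ == "__main__":
    for tcode, objs in infty_tcodes(TOBJ_EXPORT, TSTCA_EXPORT).items():
        print(tcode, ",".join(sorted(objs)))
```

The resulting tcode list is the input for the SUIM role and user review in step 5.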