We have created customized transactions in our Utility Company that have not been correctly assessed in GRC. They have all come back with no risk level. These transactions are usually modelled after standard SAP transactions, with additional functionality.
My objective is to have these transactions assigned the correct authorization object and function i.d.s. As I understand it, function i.d.s group related transactions that allow our Security Analyst to perform the GRC assessment. However, I have to first "tag" these custom transactions with the i.d. before the assessment can be done.
For example, we have "ZF01-Maintain Billing Master Data" as a function i.d. We have grouped all the transactions that are related to the master data of a service address of customer under it.
I am trying to correctly assign similar function ids to the custom transactions.