Skip to Content
avatar image
Former Member

Need to alert security team every time when a new authorization object is created

Hi,

There is a requirement, when new authorization object is created in SU21 then alert or mail will sent to security team every time? Is their any BADI or Exit available to write the code? or Is there any standard workflow task that we could cover this requirement?

Thanks and Regards

Sudarshan Gaikwad

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 10, 2015 at 12:25 PM

    Hi All,

    Thanks for your reply and suggestion. Those suggestion really help me to reach to my solution.

    I have resolved this by implicit enhancement at the time of saving the authorization object in SU21.

    As I have found the PGMID = R3TR, OBJECT = SUSO and OBJ_NAME = ZTEST (Authorization object name).

    1. Sr.No

    Implicit Enhancement

    Purpose of Enhancement

    Comments

    1

    LTMW_PROJECT_LOCKF01

    When transport request will save then in this Include we can trigger our code

    Useful for our requirement

    We can do it programmatically in other ways also but in my case we required to implement it into Implicit enhancement point only.

    Other options are also we can consider as below.

    1. Sr.No

    BADI Name

    Purpose of BADI

    Comments

    1

    CTS_CURRENT_PROJECT

    On the basis of Authorization object check (SUSO) we can proceed to our requirement

    Useful for our requirement

    Add comment
    10|10000 characters needed characters exceeded

  • May 06, 2015 at 06:52 PM

    Hi,

    That is an interesting and unusual requirement. I doubt that there is anything standard from SAP. You could try to find a suitable implicit enhancement point to trigger custom code. Another simple solution would be to schedule a job that would read change documents. This would not be real time but it may be sufficient. May I ask how often do you create a new authorization object?

    Cheers

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Martin Voros

      Not sure whether removing S_DEVELOP auths in DEV will last very long.

      The TMS BADI has the advantage that they can develop in peace -> check happens when they decide they are ready to transport.

      Cheers,

      Julius

  • May 14, 2015 at 09:48 AM

    Hi Sudarshan,

    Exclude Value "SUSO" from the "Object type"(OBJTYPE) in Authorization object S_DEVELOP of users.

    This will prevent users from creating.

    Create a separate role with this access and give to the users on case basis or Put in Fire fighter ID and assign to them if you have GRC system in place which will notify concern person :-)

    Regards,

    Gangadhar

    Add comment
    10|10000 characters needed characters exceeded