Skip to Content
avatar image
Former Member

where to get the auth grps values from

Hello

I have created a role with different t-codes inserted in the menu tab in PFCG. After i save the role and move on to Authorization tab there are lot of yellow lights. I know these auth objects have to be made either inactive or filled in with the authorization values as per the business restrictions. When i trying to fill in values for auth grps for example value of BRGRU in F_KKK_BEG it does not have any From and TO values. Where do we get this information from. Is it security resposibility to add these values in se54 t-code or do we have to get with process teams.

Any input on this is highly appreciated

Thanks in advance

KV

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Jan 23, 2008 at 09:35 PM

    >

    > When i trying to fill in values for auth grps for example value of BRGRU in F_KKK_BEG it does not have any From and TO values.

    These groups can be filled in customizing, so I think you need a functional guy to find out if they are configured and how.

    (This info should have been in the functional design/spec for your roles.)

    Jurjen

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 24, 2008 at 10:08 AM

    Like what Jurgen said, there is no way by which we (security) would know the right values. The functional folks would be the best bet.

    ravi

    Add comment
    10|10000 characters needed characters exceeded

    • >

      > >

      > > Use of auth groups is part of your security design and the security team should be working with the functional team to identify all controls which are acheived via application security.

      >

      > Which doesn't invalidate the fact that you need the functional team on this one 😉 If it isn't for all the answers, then it's for the cooperation.

      > Point taken though.

      You are entirely correct of course.

      This is my concept of "doing security" rather than the administrative task of entering values into a role that someone tells you without understanding why they are there and what they are controlling.