Skip to Content
0

SAP Role SPROVIEW

Oct 26, 2016 at 11:34 AM

50

avatar image

Hi,

We have here in SAP SPROVIEW Role is created with some limited TCode access.

Now Users are asking for Full TCodes in SPROVIEW Role.

Keeping * to S_TCODE Object will be Risky ?

Please suggest.

Regards,

swapz

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Colleen Hebbert
Jul 05, 2017 at 11:42 AM
0

Hi Swapz

Yes S_TCODE asterisk is risky as not all transactions codes will necessary have secondary authorisation checks. Check out table TSTC to see how many transactions are in your system and you'll realise the user doesn't need them all. The other risk is cross inheritance of roles - users might have the underlying authorisations in other roles but no the S_TCODE value.

Generally, you want to protect the entry points to want to always restrict the following objects as they can allow users to execute functionality S_TCODE, S_RFC, S_SERVICE, S_DEVELOP, S_ICF.

Regards

Colleen

Share
10 |10000 characters needed characters left characters exceeded