on 10-26-2016 12:34 PM
Hi,
We have here in SAP SPROVIEW Role is created with some limited TCode access.
Now Users are asking for Full TCodes in SPROVIEW Role.
Keeping * to S_TCODE Object will be Risky ?
Please suggest.
Regards,
swapz
Hi Swapz
Yes S_TCODE asterisk is risky as not all transactions codes will necessary have secondary authorisation checks. Check out table TSTC to see how many transactions are in your system and you'll realise the user doesn't need them all. The other risk is cross inheritance of roles - users might have the underlying authorisations in other roles but no the S_TCODE value.
Generally, you want to protect the entry points to want to always restrict the following objects as they can allow users to execute functionality S_TCODE, S_RFC, S_SERVICE, S_DEVELOP, S_ICF.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.