cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Role SPROVIEW

Go to solution
Former Member

on ‎10-26-2016 12:34 PM

0 Kudos

Hi,

We have here in SAP SPROVIEW Role is created with some limited TCode access.

Now Users are asking for Full TCodes in SPROVIEW Role.

Keeping * to S_TCODE Object will be Risky ?

Please suggest.

Regards,

swapz

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
‎07-05-2017 12:42 PM
0 Kudos

Hi Swapz

Yes S_TCODE asterisk is risky as not all transactions codes will necessary have secondary authorisation checks. Check out table TSTC to see how many transactions are in your system and you'll realise the user doesn't need them all. The other risk is cross inheritance of roles - users might have the underlying authorisations in other roles but no the S_TCODE value.

Generally, you want to protect the entry points to want to always restrict the following objects as they can allow users to execute functionality S_TCODE, S_RFC, S_SERVICE, S_DEVELOP, S_ICF.

Regards

Colleen

Show replies
Show replies

Answers (0)

Ask a Question