on 07-08-2018 6:11 AM
Hello,
Guidance required.
I noticed that the automatic role "ZSAP_SETUP_BASIC_S_DEVELOP" was assigned to Basis Admins in production. This role has authorization of S_DEVELOP with ACTVT 02.
At a point in time, they can remove it, but when it is granted again the user can perform unauthorized debug activities and then remove the role.
The question remains: can the users actually perform debug activities using this role? Are all the automatic roles in Solution Manager not shown in SUIM? Is this a functionality in Solman v7.2 to assign roles automatically?
Thanks!
Hi,
If you look at the role SAP_SETUP_BASIC_S_DEVELOP's description in PFCG:
"This role is used for full S_DEVELOP authorization of transaction SOLMAN_SETUP"
Hence, you are right that it can be used for debugging. This is being given when you create the setup user in SOLMAN_SETUP as per the screenshot below.
If you don't want user to have that when you create the user, you could just select "Do nothing" as shown above in the Advanced Mode.
This prompt is shown because I am using a user with SAP_ALL to run SOLMAN_SETUP, and it will ask you to create a new user with the roles shown above. If you run it with a user that is less capable and not able to assign roles, it will instead give you the list of roles and ask you to contact the security team to create the user for you.
I am not sure about the SUIM question; you may need to check with the Security team why it is not showing. The Solman application is built on top of the BASIS infrastructure and uses the authorization infrastructure too, hence it should behave like any other application in the authorization aspect.
You could also check the security guide for more information:
https://help.sap.com/doc/b4a8c8e4d575476ba67bdbf69a904b24/7.2.06/en-US/SecConfigGuide.pdf
Let me know if you have further questions on this.
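As an added example (not part of the original thread and not SAP code), the sketch below shows how a security team could review which users currently hold a role that allows debugging with change, working from CSV exports of tables AGR_1251 and AGR_USERS. The CSV layout, the sample rows and the function names are assumptions constructed for illustration; the OBJTYPE DEBUG condition is the usual criterion for debug-with-change and is not stated in the thread.

```python
import csv, io
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample exports (not real system data). Column names follow
# tables AGR_1251 / AGR_USERS; the CSV layout itself is an assumption.
AGR_1251_CSV = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH,DELETED
ZSAP_SETUP_BASIC_S_DEVELOP,S_DEVELOP,T_D001,ACTVT,*,,
ZSAP_SETUP_BASIC_S_DEVELOP,S_DEVELOP,T_D001,OBJTYPE,*,,
Z_DISPLAY_DEBUG,S_DEVELOP,T_D002,ACTVT,03,,
Z_DISPLAY_DEBUG,S_DEVELOP,T_D002,OBJTYPE,DEBUG,,
Z_OLD_DEV,S_DEVELOP,T_D003,ACTVT,01,03,X
Z_OLD_DEV,S_DEVELOP,T_D003,OBJTYPE,DEBUG,,X
Z_PROG_CHANGE,S_DEVELOP,T_D004,ACTVT,02,,
Z_PROG_CHANGE,S_DEVELOP,T_D004,OBJTYPE,PROG,,
"""
AGR_USERS_CSV = """AGR_NAME,UNAME,FROM_DAT,TO_DAT
ZSAP_SETUP_BASIC_S_DEVELOP,BASIS_ADM1,20180601,99991231
ZSAP_SETUP_BASIC_S_DEVELOP,BASIS_ADM2,20180101,20180301
Z_DISPLAY_DEBUG,SUPPORT01,20180101,99991231
Z_PROG_CHANGE,DEV01,20180101,99991231
"""

def covers(low, high, wanted):
    """True if one LOW/HIGH entry (single value, '*' pattern or range) covers `wanted`."""
    if high:
        return low <= wanted <= high
    return fnmatchcase(wanted, low)

def roles_with_debug_change(agr_1251_csv):
    """Roles holding S_DEVELOP with ACTVT 02 and OBJTYPE DEBUG in one authorization."""
    auths = defaultdict(lambda: defaultdict(list))
    for r in csv.DictReader(io.StringIO(agr_1251_csv)):
        if r["OBJECT"] == "S_DEVELOP" and r["DELETED"] != "X":  # skip deleted entries
            auths[(r["AGR_NAME"], r["AUTH"])][r["FIELD"]].append((r["LOW"], r["HIGH"]))
    wanted = {"ACTVT": "02", "OBJTYPE": "DEBUG"}
    return sorted({role for (role, _), f in auths.items()
                   if all(any(covers(lo, hi, v) for lo, hi in f[k]) for k, v in wanted.items())})

def users_holding(roles, agr_users_csv, on_date):
    """(user, role) pairs whose assignment is valid on `on_date` (YYYYMMDD)."""
    return sorted((r["UNAME"], r["AGR_NAME"])
                  for r in csv.DictReader(io.StringIO(agr_users_csv))
                  if r["AGR_NAME"] in roles and r["FROM_DAT"] <= on_date <= r["TO_DAT"])

if __name__ == "__main__":
    risky = roles_with_debug_change(AGR_1251_CSV)
    for user, role in users_holding(risky, AGR_USERS_CSV, "20180708"):
        print(f"{user} holds {role}: debug with change (S_DEVELOP ACTVT 02)")
```

The check is done per authorization instance (the AUTH column), so a role with ACTVT 02 on one object type and DEBUG display-only in another is not flagged.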