In CRM UI ( CRM 2007) , there are no actions( transactions) as it is a web based abap component. It only have authorization objects and their permissions. So SAP support confirmed that we cannot create SOD risks for CRM UI.
How ever we found out a note 1225227 which talks about functions containing
only permissions. When we enquired with SAP support if we can create SOD risk at permission level for CRM UI as per the note, they confirmed it is possible.
I just want to know how you all are handling risk analysis for CRM UI (crm2007). Is there any other way other than creating Functions with only permission and mapping them to risk? Can you guys give some tips on how this can be handled ? The Offline analysis is not possible as getting the authorization data is difficult and SAP will not support any non RTA based system even if it is a SAP product.
Also in CRM 2007 and SRM 5.0, can you all confirm that use of firefighters( SPM) is not applicable as the end users login directly to the web and there is no firefighters available for web based applications like this.
Thanks in advance for your help.