Skip to Content
author's profile photo Former Member
Former Member

Upload of SU24 Auth. objects in SAP GRC AC 5.3

Hello,

We are in process of SAP GRC AC 5.3 implementation, and our SAP System is not updated to SU24 (Authorization objects), in which USOBT_C is populated.

In GRC AC 5.3 Pre-implementation checklist, it is mentioned about the above, being necessary.

If the SAP System is not updated to SU24, then what is the other way, to upload authorization objects in RAR Post-Install Steps, after we have already completed SAP GRC Tools ( all the SCA files) install and backend RTA installation?

Thanks!

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Aug 10, 2009 at 05:56 AM

    Abdul,

    I don't know of any other automated way as the program is written to extract information from SU24. You can manually create the tab limited file which will take you some time.

    Regards,

    Alpesh

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Abdul,

      SU24 is used by GRC CC to define the authorization objects it should analyse in order to determine whether a certain access is granted to a user.

      The system considered that if you are maintaining SU24 then all auth objects set to check are in fact required by a transaction in order to execute the functionality within it. GRC uses su24 as your default mapping of auth objects and field values to tcodes.

      If you dont maintain su24 regularly when modifying security then you can still upload the SU24 data, however, there is a higher likelihood you will have false positives in your results. The end result is that your implementation team will have to invest more time in adjusting the rule book to increase the accuracy of the analysis results.

      I hope this helps.

  • author's profile photo Former Member
    Former Member
    Posted on Aug 26, 2009 at 05:24 AM

    Hi,

    I agree with Alpesh there is no other way to upload of SU24 auth objects. If you are not running your analysis at permission level for now you can continue without it by running analysis at Action level. Later you can upload it and run analysis at permission level.

    Thanks,

    Darshan

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 18, 2009 at 06:15 PM

    You can upload SU24 file of any system. Download SU24 from a system where you have USOBT_C table maintained.

    and upload the same in CC .

    Regards,

    Surpreet

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Sep 23, 2009 at 02:55 PM

    hi

    1. Create file (automated via batch job) from SU24 (report /VIRSA/ZCC_DOWNLOAD_SAPOBJ)

    ==> SA38 --> Background --> create a variant where you fill out the value for the server + filename (no extension needed for filename) --> schedule periodically

    2. convert to UTF-8 format (how can this be automated?)

    --> not necessary ; in my system it is UTF-8 by default

    3. upload periodically into RAR via background job (from AIX based file system !)

    --> configuration tab --> upload objects --> permission --> choose system --> leave local file blank and fill out server location (drive letter) --> click background and schedule the job daily. This is not a heavy job, therefore daily.

    Sam Szafranski

    Senior Consultant

    axl & trax

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.