Skip to Content
avatar image
Former Member

TMSTCRI - monitor critical security objects

Hi All,

We are trying to monitor critical objects in security roles and ensure these are not transported to production erroneously.

I believe TMSTCRI table has some such option but when i make an entry and test it, it does not seem to work. For exampl i made an entry R3TR AUTH S_DEVELOP in the table and tried transporting a role with this object but no warning showed up.

We also set the parameter CHECK_CRIOBJ_AT_IMPORT to W in the transport tool

Any inputs will be a very helpful

Thanks

Vijaya

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jan 13, 2010 at 10:29 AM

    You have misinterpreted what the "object" field is here.

    It is refering to a repository object (such as a name of a role, or a program, or a function module, etc of their respective object types).

    If you want to control S_DEVELOP being added to a role, then use S_USER_OBJ and S_USER_VAL.

    You cannot control the contents of a role via TMSTCRI, only the name of teh role.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Yes, for org levels and FROM / TO ranges you need full access for that object and value respectively.

      But S_DEVELOP does not have org. levels so you should be fine to restrict the object to only those role administrators who should have anything to do with S_DEVELOP, regardless of the role.

      This is a different topic to TMSTCRI though, where you could enter the role name to be blocked - however you cannot control the role names for which S_DEVELOP can be added, only whether or not S_DEVELOP can be added at all by the user.

      Probably some good training for the admins will be easier to achieve the control... 😊

      Cheers,

      Julius