on 07-09-2012 8:50 PM
Hi Guys,
Need your help in understanding how are the 7 digit rule ids and 9 didgit permission rule id. As far as my understanding goes,the risk id comprises of 4 digits(specific to the functions that conflict i.e. GL01 &GL02) +3 digit(specific tcodes in the question i.e. FS01 and F-21) + 2 digit(??).
My guess wud be to distinguish the specific associated permission i.e. delete/create/modify etc. Please confirm?
Also, another doubt. Since there is a restriction of 3 digits given to combination of tcodes(if my understanding is correct) doesnt it kinda puts a limit to maximum no of tcode i can have in a function rather than the function being an exhaustive all-inclusive repository of related actions. This might be an issue if an orginization has a lot of customized Tcodes.
Sorry if the queries seem juvenile. Would be really thankful for any insights into understanding risks.
Hi Vivek,
Yes your understanding is correct regarding the 9 digit rule id.
First four digits comprise of the risk and next 3 are for action and next two are for permissions.
For more information on the maximum number of rules kindly refer note below for details:
1310365: Maximum number of rules that can be generated
Best Regards,
Smriti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vivek,
The way that the Risk Logic works is, there can be maximum number of 46655 rules that can be generated for each risk. This maximum number is based on the rule naming convention that you have said as Action rule Id as 7 digit. The first 4 digit of the rule will always be the Risk Id. This leaves only 3 digits which have to be unique for each combination of actions for the risk. These 3 digits can be either alpha or numeric which gives 36 possible values for each of the three digits. This is what makes up the limitation as 36x36x36 = 46,655. After this combination is reached, no new rules can be generated for that risk.
For more detail on this you may ref SAP Note #1310365: Maximum number of rules that can be generated
Regards
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey,
Thanks again for the detailed info. So the maximum no rules calculation involves only the actions(i.e. action rule id). So does it mean there are no rules specific to permissions.
To elaborate the last 2 digits pertaining to permissions within the same set of action. So there are no rule ids specifically to cater to these.
Sorry to be a pain.
Thanks and Regards,
Vivek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.