
Users with Critical Authorizations

By Lodewijk Borsboom
Contents
1.     Introduction                              1
2.     Customizing                               2
2.1.   Critical Authorizations                   2
2.2.   Customizing Critical Combinations         4
2.3.   Customizing Reports                       6
2.3.1. For Critical Authorizations               6
2.3.2. For Critical combinations                 7
3.     Reporting                                 9
3.1.   Reporting Critical Combinations           9
3.2.   Reporting Critical Authorizations        10

1. Introduction
This instruction describes the ABAP report RSUSR008_009_NEW, transaction code S_BCE_68002111. The transaction is also included in the SUIM menu:

Users with Critical Authorization

Lodewijk Borsboom

www.sap-security.nl

2. Customizing
2.1. Critical Authorizations
Click on Critical Authorizations (Kritieke bevoegdheden).

Then, double-click in the left column on Critical Authorization (Kritieke bevoegdheid).

Here you find all authorization IDs, which are either:
Critical by themselves: ZK*
Only critical in combination with another authorization ID: ZT*
A combination of two ZT authorization IDs equals one of the SoD criteria defined by the business.


Select the record with ZT01 - Post Vendor Credit Memo (Crediteurenfacturen boeken) and double-click in the left column on Authorization data (Bevoegdheidsgegevens).

Here you see the details of one part of the SoD criterion, in this case defined at transaction level only. You can also define the criteria at authorization object level.

Within a Group you choose whether the criteria have an OR or an AND relation. If you specify more than one Group, the groups always have an AND relation with each other. In this specific case the user matches this authorization ID as soon as they are authorized for at least one of the named transactions (because of the OR operator).


Execute the actions above for authorization ID ZT02 - Creditor Payments (Betalingen aan crediteuren) as well. You will see the screen below:

2.2. Customizing Critical Combinations


In order to define these two authorization IDs as one SoD conflict, navigate back to the start of the transaction and click on Critical combinations (Kritieke combinaties):

Then, click in the left column on Combination (Combinatie).


In here, the SoD conflicts are described according to the following naming convention:

Combination   Authorization ID 1   Authorization ID 2   Classification
ZC01          ZT01                 ZT02                 H

Each classification is assigned a different color:
H (High) = Red (Rood)
M (Medium) = Purple (Paars)
L (Low) = Yellow (Geel)

Select ZC01_ZT01ZT02_H (H: Post Vendor Credit Memo_Creditor Payments / Crediteurenfacturen boeken_Betalingen aan crediteuren) and double-click on Critical Authorization (Kritieke bevoegdheid).


The following screen appears:

In here, the link between the two authorization IDs is established. This link always has AND logic: a user is reported for the combination only when both authorization IDs apply.
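The evaluation logic described in sections 2.1 and 2.2 (OR/AND criteria inside a Group, AND between Groups, AND between the two authorization IDs of a combination, filtered by classification) as an added Python model. This is example code, not the ABAP of RSUSR008_009_NEW; the transaction codes and the users' authorizations are constructed placeholders, and the authorization ID and combination names are the ones from this instruction.

```python
from dataclasses import dataclass

@dataclass
class Group:
    """Criteria inside one Group are combined with OR or AND."""
    operator: str          # "OR" or "AND"
    criteria: frozenset    # transaction codes here; object-level checks work the same way

    def satisfied_by(self, user_auths: set) -> bool:
        if self.operator == "OR":
            return any(c in user_auths for c in self.criteria)
        return all(c in user_auths for c in self.criteria)

@dataclass
class AuthorizationID:
    """Several Groups of one authorization ID are always combined with AND."""
    name: str
    groups: list

    def applies_to(self, user_auths: set) -> bool:
        return all(g.satisfied_by(user_auths) for g in self.groups)

@dataclass
class Combination:
    """The link between the two authorization IDs always has AND logic."""
    name: str
    id1: AuthorizationID
    id2: AuthorizationID
    classification: str    # "H", "M" or "L"

    def conflict_for(self, user_auths: set) -> bool:
        return self.id1.applies_to(user_auths) and self.id2.applies_to(user_auths)

# Constructed customizing: the transaction codes are placeholders, not the real ones
ZT01 = AuthorizationID("ZT01", [Group("OR", frozenset({"TCODE_CREDIT_MEMO_A", "TCODE_CREDIT_MEMO_B"}))])
ZT02 = AuthorizationID("ZT02", [Group("OR", frozenset({"TCODE_PAYMENT_RUN", "TCODE_MANUAL_PAYMENT"}))])
ZC01 = Combination("ZC01_ZT01ZT02_H", ZT01, ZT02, "H")

# Constructed users; the real report derives these authorizations from roles and profiles
USERS = {
    "ZFCOORD-VAKW": {"TCODE_CREDIT_MEMO_A", "TCODE_PAYMENT_RUN"},
    "AP_CLERK": {"TCODE_CREDIT_MEMO_B"},
}

def report(users, combinations, classifications=("H", "M", "L")):
    """Return {user: [combination names]}; classifications acts like a report variant filter."""
    result = {}
    for user, auths in users.items():
        hits = [c.name for c in combinations
                if c.classification in classifications and c.conflict_for(auths)]
        if hits:
            result[user] = hits
    return result
```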

2.3. Customizing Reports


2.3.1. For Critical Authorizations
Click on Critical Authorizations (Kritieke bevoegdheden).

One report variant has been made. Select ZVIVARE_GEVOELIGEDAT (Display & Change Authorization for Sensitive Data) and double-click on Critical Authorization (Kritieke bevoegdheid) in the left column:


On this screen you notice that this report variant only covers authorization IDs ZK01 and ZK02:

2.3.2. For Critical combinations


Navigate back to the start of the transaction and click on Critical combinations (Kritieke combinaties):


Four reporting variants have been made:

Select ZVIVARE_HOOG and double-click on Combination (Combinatie).

Only the SoD criteria classified High are presented here. In this way you can report on any subdivision of the SoD concept you choose, by defining a variant for it.


3. Reporting

Selecting a variant is mandatory.
Using selection criteria is optional.
The output is always based on user IDs. If you want to analyze roles only, you need a set of test users in a test environment: one dedicated user for each role.

3.1. Reporting Critical Combinations


Select the variant ZVIVARE_ALLES, select user ID ZFCOORD-VAKW and press Execute. See the report below:


This user (who represents composite role ZF-COORDINATOR-VAKW) has 3 MEDIUM conflicts and 1 HIGH conflict.

3.2. Reporting Critical Authorizations


Select the variant ZVIVARE_GEVOELIGEDAT, select user ID ZFCOORD-VAKW and press Execute.

This user can access sensitive data.
