________________________________________________________________________________
SAP ERP implementation projects
http://sapcontent.org/wordpressturbo/?p=1597
________________________________________________________________________________
SOD
Segregation of duties.
Separation of the management or execution of certain duties or of areas of responsibility is required in order to prevent and reduce opportunities for unauthorised modification or misuse of data or service.

Past threads on this topic:
http://easymarketplace.de/online-pdfs.php
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCCSTADM/BCCSTSAL.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCSECAUDLOG/BCSECSAL.pdf
http://sapecc.com/sox_sod/sod_matrix.htm
http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm
http://www.auditnet.org/sapaudit.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm
http://www.law.uc.edu/CCL/SOact/toc.html
http://www.auditnet.org/sarbox.htm
http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf

Others:
http://web.utah.edu
http://en.wikipedia.org/wiki
http://itmanagement.earthweb.com/columns
http://www.oversightsystems.com
https://www.sdn.sap.com
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0043a8ab-bdae-2910-d8bc-cf4abd4d6bed
--------------------------------------------------------------------------------
Presentation on SOD and Profiles
http://www.slideshare.net/TransWare/profiling-for-sap-overview-reengineering-analysis-and-redocumentation-of-sap
http://www.authorstream.com/Presentation/TransWare-819517-tw-profiling-sap-compliance-v2-02-en/
--------------------------------------------------------------------------------
SAP transactions
http://pt.scribd.com/doc/59475862/Transacoes-SAP
--------------------------------------------------------------------------------
SAP
http://www.saptechno.com/
SU02 Maintain authorization profiles
SU03 Maintain authorizations
Maintain authorization fields
Maintain authorization objects
Use of authorization objects in transactions
List of the most recently used authorization objects and their values
http://marcolin.wordpress.com/2010/04/08/criacao-de-perfil/
--------------------------------------------------------------------------------
How to see all roles with the assigned tcodes?
1. SE16
2. Table = AGR_1251
3. Roles = z* (or select whatever roles you want)
4. Object = S_TCODE
5. Execute. It will generate a list of roles along with the tcodes for each role.

SE16, tables TSTC and TSTCT
--------------------------------------------------------------------------------
ADM940:
http://www.mediafire.com/?jtnmer2hwb4
http://www.filefactory.com/file/ccfcd3/n/ADM940_-_SAP_Authorization_Concept.pdf
http://www.easy-share.com/1909411500/ADM940
ADM950:
http://www.easy-share.com/1909411549/ADM950
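An offline follow-up to the AGR_1251 / S_TCODE listing above, as an added example that is not part of the original notes: it reads a tab-separated SE16 export of AGR_1251 and flags roles whose S_TCODE values cover both sides of a critical combination. The export rows, role names and the two rule pairs are constructed for illustration; the column names are those of AGR_1251, and ranges are compared as plain strings (an assumption).

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an SE16 export of AGR_1251 (tab-separated, roles Z*).
SAMPLE_EXPORT = (
    "AGR_NAME\tOBJECT\tFIELD\tLOW\tHIGH\n"
    "Z_AP_CLERK\tS_TCODE\tTCD\tFK01\t\n"
    "Z_AP_CLERK\tS_TCODE\tTCD\tF-53\t\n"
    "Z_BUYER\tS_TCODE\tTCD\tME21N\t\n"
    "Z_BUYER\tS_TCODE\tTCD\tMIG*\t\n"
    "Z_BUYER\tS_USER_GRP\tCLASS\tSUPER\t\n"
    "Z_WAREHOUSE\tS_TCODE\tTCD\tMIGO\t\n"
    "Z_SUPER\tS_TCODE\tTCD\tFK01\tFK03\n"
    "Z_SUPER\tS_TCODE\tTCD\tF-5*\t\n"
)

# Constructed rule set: tcode pairs one role should not hold together.
CRITICAL_COMBINATIONS = [
    ("FK01", "F-53"),   # create vendor + post outgoing payment
    ("ME21N", "MIGO"),  # create purchase order + goods movement
]

def load_role_tcodes(text):
    """Map role -> list of (LOW, HIGH) values, keeping only S_TCODE / TCD rows."""
    roles = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        if row["OBJECT"] == "S_TCODE" and row["FIELD"] == "TCD":
            roles[row["AGR_NAME"]].append((row["LOW"].upper(), (row["HIGH"] or "").upper()))
    return roles

def grants(values, tcode):
    """True if a stored value covers tcode: LOW-HIGH range, trailing '*', or exact."""
    for low, high in values:
        if high:
            if low <= tcode <= high:      # assumption: plain string comparison
                return True
        elif low.endswith("*"):
            if tcode.startswith(low[:-1]):  # a bare '*' covers every tcode
                return True
        elif low == tcode:
            return True
    return False

def find_conflicts(roles, rules):
    """Return sorted (role, tcode_a, tcode_b) for roles covering both sides of a rule."""
    return sorted((role, a, b) for role, values in roles.items()
                  for a, b in rules if grants(values, a) and grants(values, b))

if __name__ == "__main__":
    for hit in find_conflicts(load_role_tcodes(SAMPLE_EXPORT), CRITICAL_COMBINATIONS):
        print("%s grants both %s and %s" % hit)
```

S_TCODE only shows which transactions a role can start, so a hit here is a candidate for review against the role's other authorization values rather than a confirmed conflict.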
--------------------------------------------------------------------------------
Regarding transaction codes, you can list them all with SE16, tables TSTC and TSTCT
--------------------------------------------------------------------------------
RSUSR008_009_NEW
http://www.se80.co.uk/sapreports/r/rsus/rsusr008_009_new.htm
SAP transaction such as SE38 or SE80

Tables used within report and the associated select statement:

USRVARCOM
  SELECT SINGLE * FROM usrvarcom WHERE varname EQ combvar.
USRVAR
  SELECT SINGLE * FROM usrvar WHERE varname EQ authvar.
USRVARCOMT
  SELECT SINGLE * FROM usrvarcomt
    WHERE langu = sy-langu AND varname = combvar.
USRVARCOMT
  SELECT SINGLE * FROM usrvarcomt
    WHERE langu = 'E' AND varname = combvar.
USRCOMBT
  SELECT * FROM usrcombt FOR ALL ENTRIES IN i_cr_comb
    WHERE langu = sy-langu AND comb_id = i_cr_comb-comb_id.
USRCOMBT
  SELECT * FROM usrcombt FOR ALL ENTRIES IN i_cr_comb
    WHERE langu = 'E' AND comb_id = i_cr_comb-comb_id.
UST10S
  SELECT profn FROM ust10s INTO TABLE lt_sprofs
    WHERE aktps EQ gc_aktps_a AND objct EQ lv_object AND auth IN lr_auths.
UST10S
  SELECT profn FROM ust10s INTO TABLE lt_sprofs
    FOR ALL ENTRIES IN pt_auths                    "#EC CI_GENBUFF
    WHERE aktps EQ gc_aktps_a AND objct EQ lv_object AND auth EQ pt_auths-auth.
UST04
  SELECT bname FROM ust04 APPENDING TABLE pt_users
    WHERE profile IN lr_profile.
UST04
  SELECT bname FROM ust04 APPENDING TABLE pt_users
    FOR ALL ENTRIES IN pt_profiles
    WHERE profile = pt_profiles-profile .
TOBJ
  SELECT SINGLE fiel2 FROM tobj INTO lv_field2
    WHERE objct EQ pv_object.                      "#EC CI_GENBUFF
_ust12buffer
  * Note 1042128 - SELECT INTO TABLE (performance) *
  *----------------------------------------------------------------------*
  FORM get_data_from_ust12buffer
    USING pv_crit_val_object TYPE xuobject
          pt_ust12_data TYPE tyt_ust12_data.
UST12
  SELECT auth field von bis FROM ust12 INTO TABLE ls_ust12_tab-auth_data
    WHERE objct = pv_crit_val_object AND aktps = gc_aktps_a.
database
  * select bname + usergroup from database
  ls_r_usr02-sign = gc_in.
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    WHERE bname IN lr_usr02 .                      "#EC CI_SGLSELECT
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    FOR ALL ENTRIES IN pt_users
    WHERE bname = pt_users-name .                  "#EC CI_SGLSELECT
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    FOR ALL ENTRIES IN pt_users
    WHERE bname = pt_users-name .                  "#EC CI_SGLSELECT
USRVART
  SELECT SINGLE * FROM usrvart
    WHERE langu = sy-langu AND varname = authvar.
USRVART
  SELECT SINGLE * FROM usrvart
    WHERE langu = 'E' AND varname = authvar.
USCRAUIDT
  SELECT * FROM uscrauidt FOR ALL ENTRIES IN i_cr_auth   "#EC CI_GENBUFF
    WHERE langu = sy-langu AND auth_id = i_cr_auth-auth_id.
USCRAUIDT
  SELECT * FROM uscrauidt FOR ALL ENTRIES IN i_cr_auth
    WHERE langu = 'E' AND auth_id = i_cr_auth-auth_id.
database
  * select bname + usergroup from database
  ls_r_usr02-sign = gc_in.
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    FOR ALL ENTRIES IN pt_user
    WHERE bname = pt_user-name .                   "#EC CI_SGLSELECT
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    FOR ALL ENTRIES IN pt_user
    WHERE bname = pt_user-name .                   "#EC CI_SGLSELECT
USR02
  SELECT bname class FROM usr02 INTO TABLE lt_usr02
    FOR ALL ENTRIES IN pt_user
    WHERE bname = pt_user-name .                   "#EC CI_SGLSELECT
UST10S
  SELECT profn FROM ust10s INTO TABLE lt_profs
    WHERE aktps = gc_aktps_a AND objct = pv_object AND auth IN lr_auth .
UST10S
  SELECT profn FROM ust10s INTO TABLE lt_profs
    FOR ALL ENTRIES IN pt_del_auths
    WHERE aktps = gc_aktps_a AND objct = pv_object AND auth = pt_del_auths-auth .
UST10S
  SELECT objct auth FROM ust10s INTO TABLE lt_auths
    WHERE profn IN lr_prof AND aktps EQ gc_aktps_a .
UST12
  SELECT objct auth field von bis FROM ust12 INTO TABLE lt_auths_fld
    FOR ALL ENTRIES IN lt_auths
    WHERE objct = lt_auths-objct AND auth = lt_auths-auth AND aktps = gc_aktps_a .
TOBJ
  SELECT SINGLE * FROM tobj INTO ls_tobj WHERE objct = pv_object.

Function Modules used within report and the associated call statement:

SELECT_OPTIONS_RESTRICT
  CALL FUNCTION 'SELECT_OPTIONS_RESTRICT'
    EXPORTING
  * PROGRAM =
SUSR_USER_LOGONDATA_GET
  CALL FUNCTION 'SUSR_USER_LOGONDATA_GET'
    EXPORTING user_name = user_name
    IMPORTING user_logondata = logondata
    EXCEPTIONS OTHERS = 0.
SUSR_USER_DISPLAY_WITH_AUTHS
  CALL FUNCTION 'SUSR_USER_DISPLAY_WITH_AUTHS'
    EXPORTING user = user_name
    EXCEPTIONS OTHERS = 0.
SUSR_PROF_DISPLAY_WITH_AUTHS
  CALL FUNCTION 'SUSR_PROF_DISPLAY_WITH_AUTHS'
    EXPORTING profile = prof_name
    EXCEPTIONS OTHERS = 0.
AUTHORITY_CHECK_TCODE
  CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
    EXPORTING tcode = 'SU_VCUSRVARCOM_CHAN'
    EXCEPTIONS ok = 1 not_ok = 2 OTHERS = 3.
AUTHORITY_CHECK_TCODE
  CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
    EXPORTING tcode = 'SU_VCUSRVARCOM_DISP'
    EXCEPTIONS ok = 1 not_ok = 2 OTHERS = 3.
AUTHORITY_CHECK_TCODE
  CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
    EXPORTING tcode = 'SU_VCUSRVAR_CHANGE'
    EXCEPTIONS ok = 1 not_ok = 2 OTHERS = 3.
AUTHORITY_CHECK_TCODE
  CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
    EXPORTING tcode = 'SU_VCUSRVAR_DISP'
    EXCEPTIONS ok = 1 not_ok = 2 OTHERS = 3.

Text pool values

Selection Text: UGROUP = User Group (General)
Selection Text: ACTGRPS = D .
Selection Text: AUTHVAR = D .
Selection Text: COMBVAR = D .
Selection Text: GROUP = D .
Selection Text: PROF = D .
Selection Text: UALIAS = D .
Selection Text: UREF = D .
Selection Text: USER = D .
Title: List of Users with Critical Authorizations
Text Symbol: P02 = These profiles are not used for selection.
Text Symbol: P01 = List of Sought but Unassigned Profiles
Text Symbol: G03 = List of Sought but Unassigned Groups (General)
Text Symbol: G02 = These groups are not used for selection.
Text Symbol: G01 = List of Sought but Non-Existent Groups
Text Symbol: E03 = (Comp.profile contains cycles)
Text Symbol: E02 = is not analyzed
Text Symbol: E01 = Incorrect composite profile
Text Symbol: B09 = details about invalid values.
Text Symbol: B08 = Check the report variant in dialog to obtain
Text Symbol: B07 = Invalid input valuse for profiles
Text Symbol: P03 = List of the Inactive Profiles
Text Symbol: R01 = List of Sought but Unused Reference Users
Text Symbol: R02 = List of Sought but Unassigned Roles
Text Symbol: R03 = These roles are not used for selection.
Text Symbol: S01 = Loading and checking all auth. profiles
Text Symbol: S02 = Format of Additional Selection Criteria
Text Symbol: S03 = Analyzing user data
Text Symbol: S04 = Format List Output
Text Symbol: S05 = Checking critical authorization:
Text Symbol: S06 = Checking critical combination:
Text Symbol: U01 = List of Sought but Non-Existent Users
Text Symbol: U02 = These users are not used for selection.
Text Symbol: B06 = Invalid input values for roles
Text Symbol: 101 = User Group
Text Symbol: 100 = User
Text Symbol: 014 = Check Selected Variant
Text Symbol: 013 = Check Variant
Text Symbol: 012 = Log Display
Text Symbol: 011 = List Structure
Text Symbol: 010 = Analyzing data...
Text Symbol: 009 = Maintain Critical Authorizations
Text Symbol: 008 = Critical Authorizations
Text Symbol: 007 = Maintain Critical Combinations
Text Symbol: 006 = Critical Combinations
Text Symbol: 005 = Display Only Valid Users
Text Symbol: 004 = Selection Criteria for User
Text Symbol: 003 = For Critical Combinations
Text Symbol: 002 = For Critical Authorizations
Text Symbol: 001 = Variant Name
Text Symbol: 102 = User Group in User Master Maintenance
Text Symbol: B05 = Invalid input values for alias names
Text Symbol: B04 = Invalid input values for reference users
Text Symbol: B03 = Invalid input values for general user groups
Text Symbol: B02 = Invalid input values for user groups
Text Symbol: B01 = Invalid input values for user names
These alias names are not used for selection. List of Sought but Unused Alias Names Layout Title List Format Authorization Profile Profile Role Internet User Alias Alias Reference User