cancel
Showing results for 
Search instead for 
Did you mean: 

SAP GRC Access Rule Maintenance: Function permissions autofill.

619

Hello Experts,

I hope you are all well.

I was wondering if you could help me understand one function behaviour in particular which I cannot put my finger on.

Namely, when I add new transaction into the function definition, a whole set of authorizations auto fills in the permissions tab. Also happens when I update the permissions alone.

Do you know where it pulls data from? And whether I can turn this off?

It looks like SU22/24 export but it does not make any sense. Do those entries come from SAP standard ruleset?

The reason why I am asking this is because every time I update given function manually, a bunch of new entries appear out of nowhere.

It is really confusing and make the task unnecessarily time consuming.

Before you ask, yes I would normally use upload functionality but every time I do so, the timestamp changes on all rulesets we have. Regardless of what I update.

As a result I need to explain to our internal audit why it is so, each and every time. Also the change log is useless while uploading so I cannot show exactly what I changed.

I would really appreciate it if you could put some more light on this topic.

Thank you in advance.

Kind regards,

Jarek

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Greetings jaro85

If I understand the topic correctly, all the functionality comes from authorization engine of the SAP Backend. For any new transaction added, the initial transaction call, the definitions of the transaction in SU24 and ABAP authority check are the 3 pillars for SAP standard role authorization to work as expected.

su24.jpg


In SU24, you can see the check indicators transaction by transaction and these indicators settings define which ones are automatically populated when that transaction is added to role (or function).

indicator.jpg

See the attached for reference.

Hope it helps shed a light.

Cheers,

Luis