cancel
Showing results for 
Search instead for 
Did you mean: 

Does Standard ruleset includes all SAP standard tcodes in it ???

0 Kudos

Hi ,

I came across a report in GRC which is Action in roles but not in rules.

When i executed this report , i expected that only custom tcodes would pop up in result screen. But strangely most of the standard tcodes appears in the result along with Z tcode.

Coming to my question whether SAP delivered ruleset consists of all stnadard tcodes included in ruleset ? if not why few T codes are not in the list ? I just want to know if i am doing anything wrong from my side.

We have activated S4Core ruleset and i have checked in GRACFUNCACT table for the below standard tcodes and they do not exist ?

Attached screenshot

capture1.jpg

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor

Hi Praveen,

List Action in Roles but not in Rules - The intention of the report is to highlight the transactions which are part of your authorization roles but not in rules.

You will definitely have lot of standard and custom tcodes which are in roles but not in rules because not every Transaction code is critical or sensitive to be part of SoD or Critical access rules. Generally display transactions and reports will not be part of the rule set unless they are related to sensitive or critical data access.

So, you need to assess the report "List Action in Roles but not in Rules" output from access rules perspective whether certain standard and custom transactions which are in roles but not in rules should be part of your rule set and should not assume that all tcodes should be part of rule set.

Note: SAP provided rule set is a baseline using which you need to build or customize your rules according to your system and processes

Regards,

Madhu

Answers (1)

Answers (1)

0 Kudos

Thank you Madhu babu for explaining it in a detailed way