Click the 'Review'-button (icon representing Glasses & red circling arrows) on top of the Full Review dialog box in order to generate the following 3 tables.
Contains all allowed values derived from the Codification Document. Each entry within this table shows the combination of authorization object, authorization object field and value (range) which is allowed for a range of authorizations.
| OBJCT: | AUTH: | FIELD: | FROM: | TO: |
|---|---|---|---|---|
| * | *D?? | ACTVT | 03 |
For example, the entry shown above means that authorizations which relate to a display task (10th character of the authorization name is D) should have value 03 for authorization object field ACTVT for all objects possible (* value for authorization object). * and ?? are wildcards used to indicate for which kind of authorizations the value (range) is allowed.
Contains all SAP authorizations which do not comply with the Codification Document. The authorization object, authorization object field, the conflicting value (range) and the authorization name are shown for each entry which does not comply with the Codification Document.
| NL_FIELD: | NL_OBJCT: | NL_AUTH: | NL_FROM: | NL_TO: |
|---|---|---|---|---|
| ACTVT | F_BKPF_BUK | F31XXAPXXD02 | 07 |
For example, the authorization object F_BKPF_BUK allows you to determine in which company codes documents can be processed. Value 07 for ACTVT grants “activate/generate” functionality where only display is allowed.
Note: Using a sound naming convention proves its power once more since you can derive the module name (F), the domain name (31XX), the task name (APXX), type of task (D[isplay]) and SAP generated order number of the authorization from one single authorization name.
Contains all SAP authorizations which comply with the Codification Document. No further analysis will be needed.
Note: The result tables for Full Review on Roles are similar to the result tables of the authorization Full Review as shown below.
A manual Full Review run will mostly be used when you want to make specific investigations as to which authorizations match/do not match settings entered in the filter area. For a more general Full Review analysis, we advise to run the Automatic Full Review.
In order to start a Manual Full Review, click the 'Manual Review'-button in the Full Review module.
In addition to the Automatic Full Review, you can specify in the Manual Full Review:
The 'Used Authorization Values'-button generates a report which lists all authorization values from the SAP download that correspond to the filter settings in the left-hand side of the dialog box.
The number of different entries limits the entries which will be listed to those authorizations for which at least two 2 different values are present.
For example:
Since, the filter has been set on object level, all object fields related to this object will be included to search for used authorization values. For object M_MATE_MAR, the related fields are ACTVT and BEGRU.
However, in this print preview document only those fields are listed for which at least 2 used authorization values can be found in the SAP download.
Note: If the ‘Number of different entries’ were to be 4, no Used Authorization Values would be shown for the field BEGRU.
The ‘Run (Like FROM and TO)’-button generates a LIKE-table which contains all SAP authorizations that comply with the Codification Document.
No further analysis will be needed.
The ‘Cross-tab View (Like)’-button generates equally LIKE entries, but reports the authorizations values with the respective profiles they appear in.
Based on this table, one can derive that, for example, value 16 for ACTVT for object B_LSMW appears in 1 profile ( EXXXXSAPMA ) that consist of authorizations with authorization name having the text string ‘sap’ in it [= *sap* in MS Access].
Thus, applying a sound naming convention for profiles enables you to filter on authorization name and its profile from which the authorization name has been derived.
In contrast to the Automatic Full Review, you can choose whether you want to generate your results in raw data format or not. The content depends on the filter settings you have chosen in the filter area.
In this example, the CSI AA Manual Full Review functionality generates the results table displayed below, as an answer to the question ‘Which authorizations from the SAP download do not match the specifications set in the filter area?’
For a database technical reason, you will need to activate the indicated “~” to restrict the Full Review Not Like comparison only to the FROM-value 02. If you do not switch this sign on, no output will be generated.
Note: You do not need to activate this sign when running a Like-analysis
CSI tools BVBA © 2012 - All Rights Reserved
Automatic Full Review