Background on queries

Based on our experience and findings over the years, we hold that you need to investigate object-level authorizations to find out whether a user has access to a given piece of functionality.

Our knowledge about “what needs to be evaluated for which piece of functionality” is embedded in so-called “queries”.

These are standardized queries which are delivered with the CSI AA.

There are three analysis types, which correspond to the different analysis levels:

• Queries for analysis on S_TCODE object

• Queries for analysis on Authorization Object level

• Queries for analysis on Authorization Object Field level

Note: Some of these queries can be used as delivered; others need to be fine-tuned to fit your business environment.

Reasons for this fine-tuning are:

• Field value authorizations mostly depend on choices made when customizing your SAP system, so they differ for each client system. The queries may also contain optional authorization objects. If these optional authorization objects are not used in your organization's SAP system, the objects should be deactivated in the queries.

• The implementation team has built new authorization objects and authorization checks in SAP.

• Authorization objects can be disabled in the system.

It is also possible that you need to do reviews in an area which has not been covered by the standard queries (for example, when your organization has created custom objects in the SAP system). You may add new queries to your application or change existing ones. Once you have found users with access to certain functionality, you can always trace the profiles and authorizations which caused this access.
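As an added illustration (not CSI AA's own code or query format), the following Python example evaluates one constructed query at the three analysis levels and returns the profiles that caused the access. The user names, profile names, query layout and the choice of FB01 with F_BKPF_BUK and F_BKPF_KOA are assumptions made for the example.

```python
from fnmatch import fnmatchcase

# Constructed sample data. Layout is hypothetical, not the CSI AA query format.
# Each authorization: (profile, authorization object, {field: [granted values]})
USER_AUTHS = {
    "ALICE": [("Z_FI_CLERK", "S_TCODE", {"TCD": ["FB*"]}),
              ("Z_FI_CLERK", "F_BKPF_BUK", {"ACTVT": ["01", "02"], "BUKRS": ["1000"]})],
    "BOB":   [("Z_DISPLAY", "S_TCODE", {"TCD": ["FB01", "FB03"]}),
              ("Z_DISPLAY", "F_BKPF_BUK", {"ACTVT": ["03"], "BUKRS": ["*"]})],
}

# One query: "can the user post a document (FB01) in company code 1000?"
# F_BKPF_KOA is treated as optional here and deactivated (active=False).
QUERY = {"tcode": "FB01", "objects": [
    {"object": "F_BKPF_BUK", "active": True,
     "fields": {"ACTVT": "01", "BUKRS": "1000"}},
    {"object": "F_BKPF_KOA", "active": False,
     "fields": {"ACTVT": "01", "KOART": "K"}},
]}

def _covers(granted, wanted):
    # Simplification: only "*" wildcards are handled, not from-to ranges.
    return any(fnmatchcase(wanted, g) for g in granted)

def evaluate(user, query, level):
    """level: 'tcode', 'object' or 'field'. Returns (has_access, causes)."""
    needed = [("S_TCODE", {"TCD": query["tcode"]})]
    if level != "tcode":
        needed += [(o["object"], o["fields"])
                   for o in query["objects"] if o["active"]]
    causes = []
    for obj, fields in needed:
        # The transaction code value is always checked; other objects only
        # get their field values checked at the 'field' level.
        strict = level == "field" or obj == "S_TCODE"
        profile = next(
            (p for p, o, vals in USER_AUTHS[user]
             if o == obj and (not strict or all(
                 _covers(vals.get(f, []), v) for f, v in fields.items()))),
            None)
        if profile is None:
            return False, []
        causes.append((obj, profile))  # which profile granted this object
    return True, causes

if __name__ == "__main__":
    for user in USER_AUTHS:
        for level in ("tcode", "object", "field"):
            print(user, level, evaluate(user, QUERY, level))
```

BOB is reported at the transaction code and object levels but not at the field level, because his only F_BKPF_BUK authorization grants activity 03. Activating F_BKPF_KOA in the query removes ALICE as well, which is why unused optional objects need to be deactivated.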

Double-click feature

Double-click on a transaction code, an authorization object, an authorization object field or a user to get additional information. It is the same action as using the menu items under SAP-Data with a filter on this specific transaction code, object (field) or user.

Note: Additional information on users, roles, profiles and authorizations is available under File-Info.

CSI tools BVBA © 2012 - All Rights Reserved