Maintain Critical TCode

Dear Expert,
Could you please help me? Due to system Audit I have maintain(register) in SAP the critical T-code through S_BCE_68001401 --> View critical combination --> Change critical combinations.
Transaction Combinations Critical for Security                                                        
  Transactio Transactio  Transactio  Transactio   TransactioText                          DeleteFlag          
  FB01        FB02          PFCG        SE38         SU01                                    Customer's own ent  
  MMPV      XK01          XK02         XD01          XD02                                    Customer's own ent  
  SU02        SU03          SE01                                                                     Customer's own ent  
This the example T-code that I declare as a critical T-code
But when I execute by choose --> view by users
I get a list from SAP like this
AMALIA                                                               
              SU02                 Maintain Authorization Profiles    
              SU03                 Maintain Authorizations            
              SE01                 Transport Organizer (Extended)                                                                               
FB01                 Post Document                      
              FB02                 Change Document                    
              PFCG                 Role Maintenance                   
              SE38                 ABAP Editor                        
              SU01                 User Maintenance                   
But actually amalia have MMPV authorization
My question is: is what T-code can be used to define the critical T-code and how to create a report
beside using SUIM.
Thank you in advanced
Best regrads,
Maya

Dear Chinmaya,
Your suggestion is actually the same that what I did, due to the restriction I define the critical T-code in SAP testing and transport to SAP Production. But the report result is not correct, because I have assign one critical T-code for specific user and the user is not appear in the report.
My question is why? Thank you
Best regrads,
Maya

Similar Messages

  • FF 5.2 - Critical TCodes for Log Analysis

    Hi,
         What is the typical config for "refer to critical tcodes in CC ZVRAT" in FF 5.2? is it better to maintain the Critical TCodes for FF in its Own table and not refer to CC
    We are having issues with maing FF refer to the Critical TCodes list in CC, has anybody had this issue, if yes please list what the workround is.
    Thanks

    Hi,
         What is the typical config for "refer to critical tcodes in CC ZVRAT" in FF 5.2? is it better to maintain the Critical TCodes for FF in its Own table and not refer to CC
    We are having issues with maing FF refer to the Critical TCodes list in CC, has anybody had this issue, if yes please list what the workround is.
    Thanks

  • Authorization to maintain critical combinations / authorizations

    It seems like there should be an easy answer to this, so pardon me if I've missed the obvious.
    I've been looking into transaction RSUSR008_009_NEW (List of users with critical combinations), but when I click either the "Critical Combinations" or "Critical Authorizations" buttons at the top, I get a "No Authorization" error.  What authorization do I need to maintain the critical combinations?
    Thanks in advance,
    Dan

    Thanks.. that was the first thing I did when I got the error, but the result was meaningless.  Having just tried it again though, the results were more useful.  Can't imagine what I did wrong last time.
    Anyway, the SU53 indicates I need t-code VCUSRVARCOM_DISP.. but I imagine there's more to it than that.  I found a few possibilities:
    SU_VCUSRVARCOM_CHAN - Maintain View Cluster VCUSRVARCOM
    SU_VCUSRVARCOM_DISP - Display View Cluster VCUSRVARCOM
    SU_VCUSRVAR_CHANGE - Maintain View Cluster VCUSRVAR
    SU_VCUSRVAR_DISP - Display View Cluster VCUSRVAR
    Bonus points to anyone who can produce a URL to some official information about this. 
    -Dan

  • Critical actions in SPM reports

    Hi all,
    One question in the way SPM retrives data from when reporting:
    I have seen in SPM report "SoD Conflicts Report" that SPM integrates with RAR in order to identifiy SoD Conflicts.
    Regarding, the critical actions filtering applied in SPM reports, where this information validation is it retrieved from? Critical actions defined in RAR OR critical actions maintained in R/3 transaction VFAT? What is to say in frontend (RAR) or backend (R/3)?
    Many thanks in advance. Best regards,
      Imanol

    Hi Imanol,
      It totally depends on your configuration. Go to SPM/FF -> Configuration tab. There is a parameter called 'Critical Transaction Table from Compliance Calibrator (VRAT)'. If the value is not maintained or if the value is 'NO' then SPM/FF will look at it's own critical tcode table. If the value is 'YES' then SPM/FF will look at RAR/CC for critical tcode table and you don't need to maintain critical tcodes in SPM/FF.
    Regards,
    Alpesh

  • 5.2  --  GOTO SE16 and enter TSTC for TABLE NAME.  TCODE FIELD /VIRSA*

    Should the following tcodes work?  If so, how do I troubleshoot the ones that don't work?  If not, how do they get configured to work?  Can someone provide a link for documentation?
    TCODE                                  TTEXT                              
    /VIRSA/ALERTGEN                  Activity Monitoring                
    /VIRSA/MICCONFIG                  Virsa MIC User mapping Configuration
    /VIRSA/ORGUSRMAPPING    Maintain ORGUSERS table            
    /VIRSA/RE_DNLDROLES       Role Expert 4.0                    
    /VIRSA/VFAT                  Firefighter                        
    /VIRSA/VRMT                  Role Expert                        
    /VIRSA/ZMGMTRPT                  Management Report Graphical View   
    /VIRSA/ZRTCNFG                  Risk Terminator Configuration      
    /VIRSA/ZRTDELLOCK            Delete Role Lock                   
    /VIRSA/ZRTRGLOG                  Risk Terminator Role Generation Log
    /VIRSA/ZVFAT_U02                  FirefightId Log summary            
    /VIRSA/ZVFAT_U03                  Reason/Activity report             
    /VIRSA/ZVFAT_U04                  FirefightId Transaction Usage      
    /VIRSA/ZVFAT_U05                  Invalid Firefighter Ids/Owners/Cntrl
    /VIRSA/ZVFAT_U06                  SOD Conflicts in Firefighter       
    /VIRSA/ZVFAT_U07                  Data Migration from Master to Text 
    /VIRSA/ZVFAT_V01                  Log Report                         
    /VIRSA/ZVFAT_V02                  Log Report                         
    /VIRSA/ZVRAT                  SAP Compliance Calibrator          
    /VIRSA/ZVRATBAK1                  Update data for Mgmt Graphical View
    /VIRSA/ZVRAT_C01                  Security & Controls Policies       
    /VIRSA/ZVRAT_COVN            Conversion of CC tables, Old to New
    /VIRSA/ZVRAT_D01                  Download Spool Requests by Job Name
    /VIRSA/ZVRAT_L01                  Conversion Utility for CC Text Table
    /VIRSA/ZVRAT_L02                  Conversion Utility for Long Texts  
    /VIRSA/ZVRAT_M01                  Upload/Download CC tables          
    /VIRSA/ZVRAT_M02                  Where Used list of Mit. Control Id/M
    /VIRSA/ZVRAT_M03                  Analyze disabled SOD TCode & Object
    /VIRSA/ZVRAT_M04                  Optimizer for SOD Data Table       
    /VIRSA/ZVRAT_M05                  Where Used list of  Control Id/Monit
    /VIRSA/ZVRAT_MG1                  Management Cockpit                 
    /VIRSA/ZVRAT_P01                  Display changes to Profiles        
    /VIRSA/ZVRAT_R01                  Count authorizations in roles      
    /VIRSA/ZVRAT_RB2                  Rule Architect                     
    /VIRSA/ZVRAT_RB3                  Rule Architect Conversion          
    /VIRSA/ZVRAT_S01                  Monitor Conflicts & Critical Trans.
    /VIRSA/ZVRAT_S021                  Monitor Conflicts & Critical Trans.
    /VIRSA/ZVRAT_S03                  Download Objects for Tcodes        
    /VIRSA/ZVRAT_S04                  SOD Conflicts for TCodes and Objects
    /VIRSA/ZVRAT_S05                  SOD Rule Wizard                    
    /VIRSA/ZVRAT_S06                  SOD Rule Validation Tool           
    /VIRSA/ZVRAT_S07                  Non Reference Report               
    /VIRSA/ZVRAT_S08                  User Access Report                 
    /VIRSA/ZVRAT_S09                  Comparing diffrent SOD Matrices    
    /VIRSA/ZVRAT_S10                  Tcodes by Roles/Profiles, never exec
    /VIRSA/ZVRAT_S11                  Authorization object by Roles/Profs
    /VIRSA/ZVRAT_S12                  Transactions executed by Users     
    /VIRSA/ZVRAT_S13                  Comparing Critical Tcode Matrices  
    /VIRSA/ZVRAT_S14                  Comparing SOD Authorization Matrices
    /VIRSA/ZVRAT_S15                  Compare Sod Tcode & Authorization  
    /VIRSA/ZVRAT_S16                  Comp.Calibrator Data Maintenance   
    /VIRSA/ZVRAT_U01                  Count authorizations for Users     
    /VIRSA/ZVRAT_U02                  Analysis of called trans in Cus.code
    /VIRSA/ZVRAT_U03                  Management Report                  
    /VIRSA/ZVRAT_U05                  Expired and Expiring Roles for Users
    /VIRSA/ZVRMT_U01                  Check Role Status                  
    /VIRSA/ZVRMT_U02                  Check Tcodes in Menu & Authorization
    /VIRSA/ZVRMT_U03                  Compare Users Roles                
    /VIRSA/ZVRMT_U04                  List roles assigned to a user      
    /VIRSA/ZVRMT_U05                  Where used list for roles          
    /VIRSA/ZVRMT_U06                  List roles and transactions        
    /VIRSA/ZVRMT_U07                  Create/Modify Derived Roles        
    /VIRSA/ZVRMT_U08                  Analysis of Owners Roles and Users

    Hi Greg,
       Most of the TCodes work but they are not being used. Which products do you currently have? Most of these tcodes are obsolete as they were part of old Virsa products. Here is the explanation:
    -> At the start, Virsa had five different products namely Compliance Calibrator (CC), Fire Fighter (FF), Role Expert (RE), Risk Terminator (RT) and Access Enforcer (AE). Except AE, all other products were developed into SAP R/3 using ABAP so the transaction you see are coming from those four products. As of now, CC and RE has been moved to Java (same as AE) but RT and FF still reside in ABAP side.
    -> You should be able to configure Tcodes related to FF and RT. You do not need to configure Tcodes for CC and RE.
    -> You must be wondering how did you get all these Tcodes? Through the RTA (Real Time Agent) you have installed for GRC AC 5.2 in your SAP backend system. Even though, AC 5.2 does not need full blown products in the back-end, RTA still contains all of those products.
    -> To start using these products, you will have activate BC sets. I do not recommend you to use CC and RE, if you are already using those products via Web front-end. FF and RT has some pretty good features.
    -> Please follow AC 5.2 configuration guide to configure FF and RT.
    If you don't want to use any of these, don't bother. These tcodes don't affect anything in your system.
    Regards,
    Alpesh

  • About Condition Maintain in CRM

    hello, CRM experts.
    I have a qusestion here.
    Actually I'm attending a CRM leasing project, and in contract, we use conditon type/function 4F30 to determine the Financed Amount of leasing.
    I check the condition mapping configure that 4F30 is mapping from condition type/function 4A10.
    But now I find I can't maintain condition record for 4A10.
    I have checked the CAI tools and Maintain Conditions tcode '/SAPCND/GCM', but find no way to add condition record in type 4A10.
    Could any one support on this?
    What's the correct way to maintain this condition type?

    hello,  Animesh.
    Thanks for your reply.
    Actually we expect the finance amount could be determine automatically base on the condition record or CAI, not manually.
    So we should first maintain the condition record preliminarily.
    the condition function for finance amount is 4F30, but if you check the condition type definition of this one, you will find the condition function is also 4F30, and no access sequence assign to it.
    And checking the configure Financial Services->Leasing->Pricing->Define Condition Mapping, I find the 4F30 is copy from 4A10 (pricing process here is NEWO).
    But the problem I face to is where is the type 4A10 record comes from?
    I can't find a way to maintain condition record for type 4A10 in CAI or normal condition maintain tcode.
    Could you help on this?
    Or is there anyone know the correct way to make 4A10 or 4F30 condition work?
    thanks in advanced

  • Function module to read hierarchy based on values maintained in assigned au

    Hi All,
            Is there any standard FM which will return values in the hierarchy based on assigned authorization maintained in tcode RSECADMIN
    example value maintained:
             Type of authorization for a hierarchy - 1
              Hierarchy level - 0
              Area of validity u2013 2
    FM should take care of user as the values maintained for type of authorization, hier level, area of validity will be different.
    Help on this regard will be highly appreciable.
    Thanks.

    Hi,
    Pls try this:
    RSNDI_SHIE_STRUCTURE_GET3
    RSSH_HIERARCHY_READ
    RSAR_HIERARCHY_GET
    Looking  up BW-Hierarchy with ABAP
    Regards
    CSM Reddy

  • Number range in tcode OMH8

    Hi all,
    Please tell me that which number range we use to maintain in tcode OMH8. It says that its for service specification but what is this service specification exactly? I dont know what is service specification. Is it in service master or where?
    Please respond.
    Best Regards,
    AI.

    hi al,
    Use transaction ML10 to create service specification.
    Service specification can be also be created in the form of Purchase requisition. The document must contain the set of service specification listing the necessary services in detail. The details of service specifications can be maintained at item detail level wher u can enter description, qty, price and other details. We can summarize both service with master records and without master records in service specifications.
    We can have a maximum of 4 hierarchy levels at outline levels.
    Regards,
    Nani.

  • EDI partner profile not maintained.

    I am currently working on BI 7 and on trying to install ODS from BC its giving me error that
    <b>EDI partner Profile is not maintained.</b>
    Can somebody please send me the documents on how to maintain EDI partner profile for transferring data from ODS to Infocube.

    Hi Amit,
    EDI partner profile is maintained using Tcode WE20.
    YOu need to select LS (Logical System ) and your Source System.
    And maintain Inbound and Outbound parameters here.
    Check OSS Note 886102 - System Landscape Copy for SAP BW 2.X, 3.X and NW2004s BI
    Step 6.8: Reactivate all partner profiles that carry the new logical system name after renaming
    Execute Transaction WE20 to reactivate the partner profiles. Choose "Partner type LS (logical system)"  enter the logical system name of the partner  in tab "classification", change the  partner status from "I" (inactive) to "A" (active) and save.
    Hope this Solves your problem
    Thanks
    Ck

  • Tcode SQVI post any security threat in production system ?

    hi,
    my user is requesting to use tcode sqvi in production, but authorisation team do not allow as the tcode will allow user to do query across.
    is SQVI a security critical tcode that we should not let user have in Production system ?
    comment and advice will be highly appreciated.
    regards,
    kent

    >
    Kent SAP wrote:
    > hi,
    >
    > my user is requesting to use tcode sqvi in production, but authorisation team do not allow as the tcode will allow user to do query across.
    >
    > is SQVI a security critical tcode that we should not let user have in Production system ?
    >
    > comment and advice will be highly appreciated.
    >
    > regards,
    > kent
    i'm sorry i saw this post too late ... of course  SQVI is VERY security-critical. It requires S_TABU_DIS on every table used in sqvi. if you have more than one company code, more than one plant, more than one purchasing organisation you will no longer be able to prevent your user reading data from other organisational structures!!  you might as well give access to SE16(N) then.
    follow this thread about queries (sqvi is a small-time query) in the SDN security-forum for more on the topic:
    How to override security for table access when using SAP Query?
    Edited by: Mylene Euridice Dorias on May 29, 2008 1:31 PM

  • Maintain notification long text in IW21

    Hi Expert,
    I have one requirement as follows:
    In TCode IW21: Create PM Notification, client wants Notification Long should appear as a Template from Standard Text (TCode: SO10).
    Now I want to fetch this Std. Text which is maintained in TCode SO10 and show it at Notification Long Text while creating Notification using TCode: IW21.
    Please guide me how to do this functionality using any User Exit or any Enhancement available in SAP.
    Thanks,
    Jay.

    Hi,
    Create SAP standard text
    DATA: IT_TEXTS type standard table of TLINE,
          wa_texts like line of it_texts,
          THEAD    TYPE THEAD.
    **Populate text table
      wa_texts-tdformat = '*'.  "new line
      wa_texts-tdline = 'First line of text'.
      append wa_texts to it_texts.
      clear: wa_texts.
      wa_texts-tdformat = '='.  "continuation line
      wa_texts-tdline = 'still first section of text'.
      append wa_texts to it_texts.
      clear: wa_texts.
    **Also need to Populate THEAD details which can be gathered from the Text Identification Details
          CALL FUNCTION 'CREATE_TEXT'
               EXPORTING
                    FID         = THEAD-TDID
                    FLANGUAGE   = THEAD-TDSPRAS
                    FNAME       = THEAD-TDNAME
                    FOBJECT     = THEAD-TDOBJECT
                  SAVE_DIRECT = 'X'
                  FFORMAT     = '*'
               TABLES
                    FLINES      = IT_TEXTS
               EXCEPTIONS
                    NO_INIT     = 1
                    NO_SAVE     = 2
                    OTHERS      = 3.
    Thanks,
    Abhijit

  • Tcode :- MEAN

    Delivery Instruction address is maintained in Tcode :- MEAN
    Is there any table for MEAN ?
    I could not search "Delivery address master data"  by address number mentioned in purchase order under "Delivery Address" tab

    Hi,
    "MEAN" transaction internally calls "SADR" transaction. This transaction uses "SAPMSADR" program. This program uses the following tables
    TSAD7(Address Groups) and TSAD8(Groups of Persons).
    Regards,
    Suman

  • Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL profile

    Hi,
    Recently we have created a role extracting from SAP_ALL profile. We have deactivated many Basis, and other Critical Tcodes for our Dev & QTY systems by identifying the authorization objects.
    But- for SCC4 we want to know if there is any other way to restrict the access.
    Since we created the role by extracting the profiles from SAP_ALL. S_TCODE has * value, and S_TABU_CLI: has "X" value.
    - problem is we cant deactivate or limit the usage of S_TABU_CLI:X as we have many ZTcodes for direct maintenance, which needs this AO.
    - At the same time, we are trying hard to restrict SCC4.
    So, please suggest if there is any other alternative way to restrict Tcode SCC4, by not being able to run using the New Role.
    Regds,
    Satish.

    First of, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles.
    But if we're being practical, you could use authorization groups for tables (T-code SE54) and assign a custom auth. group to table T000. Then use this group to authorize (or actually not authorize) with object S_TABU_DIS.
    Again, this is just a practical tip. The whole "create a role from SAP_ALL" thing is a totally different subject altogether.
    Good luck!
    Dimitri.

  • Tcode 'MB1A'

    Hi,
    Critical Tcode 'MB1A' has been granted to many user IDs in PRD, and sometimes this is inappropriately used for posting Inventory Scrapping without proper approval.   Can you please advise if there is any workflow or function to control posting this kind of trx in MM?  If not, please advise the best practice to control this exposure.
    Thanks and Regards
    Chandru.

    Hi,
    You can always ask your auhorization consultant for some help.
    Or you can do a quick fix and:
    Check out the movement type codes your users are incorrecly using and go to tcode OMJJ. Here, and for each code, acess 'allowed transactions' and eliminate the lines containing 'MB1A'.
    Regards.

  • SE43n-Area Menu Maintainance

    Hello Friends,
    What is the main use of  SE43N (Area Menu Maintainance)
    this tcode, can any one Explain me this.
    Regards,
    DVNS.

    Hi,
    The CUA area menus are converted to tree navigation in Release 4.6A. The menu contents are automatically copied into a new data structure in Upgrade to Release 4.6A or higher. You can edit Area Menus with a new maintenance interface (Area Menu maintenance transaction: SE43 ).
    Reporting Tree Integration
    Only transactions could previously be put in Area Menus. From Release 4.6A you can also put all the types of reports which are in reporting trees, in Area Menus. The system automatically assigns a transaction code to call the report from the menu. If you have already put the report in another Area Menu, no new transaction code is generated, the unique transaction code already assigned is used.
    You can create Area Menus from complete reporting trees with the migration transaction RTTREE_MIGRATION . The report transaction codes are generated automatically.
    Reporting trees can only be displayed. They cannot be maintained. To modify the contents of reporting trees, you must convert them with the migration transaction. You can then modify the contents with the Area Menu maintenance.
    Advantages of the new Area Menus
    The new data structure has the following advantages:
    Delinking by reference technique
    You can construct a menu from submenus which are maintained separately in different systems.
    Less restrictions
    The new area menus have no nesting level limit like CUA menus. The allowed length of menu texts has increased to 75 characters.
    Restrictions
    The following components of the previous area menus are no longer supported:
    Application toolbars
    Fast paths
    Procedure for creating area menu maintenance:
    1. Enter a name for the Area Menu in the Area Menu input field. Do not use Umlauts or special characters in Area Menu names; they are not allowed in object names.
    2. Choose Area Menu ® Create.
    3. Enter a meaningful description for the Area Menu in the following dialog box.
    4. Choose Insert entries.
    regards,
    vasavi.
    kindly reward if helpful.

Maybe you are looking for

  • How can I convert a catalogue from PSE on an old PC to a PSE 11 catalogue on another PC?

    I tried to do it according to the instructions in the help menu, however PSE 11 does not even recognize the file format.

  • Networking a PC with my Mac

    I want to network a PC with my Mac. I did buy a router but was told be customer service of the router company that they did not support Mac software. I had my network up for about a half hour. I need to know what router to buy for my network. The PC

  • Paint track for jslider

    anyone know how to paint the track of a jslider until it's current value.. an example would be: http://www.geocities.com/shfarr/img/lafshots/controlpanelaccess.png

  • Mac, keep getting configuration error 1 when trying to open files re-installed from external drive

    I recently had to do a clean install of my computer and tried to run my Adobe applications after installing them from a hard drive backup. It keeps giving me Configuration Error 1. I tried to take a different route and use my serial number to activat

  • Jitter in cucm

    Hello, Was looking at the CAR report in my cucm and i am seeing excessive packet loss,jitter and latency at the destination phone. while the users themselves dont seem to complain. Wondering if it has got to do with device at destination happens to b