Question:
Guys
Im taking responsibility of junior security position. Ive been assigned in cleaning up Basis and system admin authorizations from roles and composite roles. Could you please guide me in cleanup.. how to find which are basis and system tcodes and how to remove. I have a composite role given by my lead for cleanup. Step by step procedure would be great. SAP 4.6c.
I appriciate your help. Thanks.
Regards
Aruvai
Answer:
There is non procedure for this that I know of, however, I would use as the starting point the default roles delivered by SAP. Create a test role and from the menu tab select Icon from another role.
Select one of the basis roles e.g. SAP_BC_BASIS_ADMIN and this will give you a screen to choose which transaction to load into the test role. Expand the selection and at the end of each transaction description you will see the transation code. You may need to do this with any SAP role that has BC in its name. Be carefull though as there maybe users out there who will need some basis and system transactions. You will need to ask them to justify the need for any basis or system functions.
Use SUIM and search for any role containing the transactions from the SAP role.
Compaosite roles by their very nature are made up of single and derived roles and derived roles are created from single roles, therefore, it is the single roles you will need to cleanup