NOTE FEBRUARY 2012
How to customize WebDynpro configuration
An UIBB is an user-interface building block, meaning basically an interface view
– a WebDynpro ABAP window. A customization can be done with the help of the FPM (Floor Plan Manager) configuration editor. Corresponding elements can be adapted and customized according to individual requirements.
Step 1 –Call WebDynpro service in configuration mode:
The desired URL is to be entered into the browser:
http://<system>:<port>/sap/bc
sap-config-mode=x
NOTE JANUARY 2012
How to create a transportable BRF+flat initiator rule for MSMP in GRC 10.0
The BRF (Business Rule Framework)+ is a strong tool when it comes to the
definition of ABAP rules to reflect business scenarios.
In the GRC 10.0 MSMP (Multi-Stage Multi-Path) workflow a business rule
can be utilized for different purposes as in the following example where we want to create a transportable initiator rule.
Step 1 -Creation of a development package:
The transaction SE21 is to be called and a desired name for the new package
to be entered. The development package is to be associated with a transport layer.
The creation results in a workbench request.
The software component is GRCFND_A.
Organization Rules in GRC AC 10
Organizational rules allow you to filter „false positives” from the risk analysis.
What does that mean?
You have a role concept with master derived roles, where e.g.
the leading organizational level is the company code with
a corresponding organizational value set.
Role_A_0001 for Company Code 0001 – (FB60)
How to customize an AC10 access request form
The Access Request (AR) form can be called via the NWBC -->
Access Management --> Access Request
The individual fields in this form can be customized.
To do this - go to the IMG (transaction SPRO)-->Governance, Risk
How to create an UME Role
In User Administration call the Identity Management.
Select Role and then Create Role.
Enter a unique name according to your agreed naming
convention and a description.
.jpg)
How to create a Portal Role
There are of course different approaches on how to create a portal role –
this section just provides a general introduction.
As a rule you should never maintain the SAP® standard roles.
In a first step you may want to consider creating your own folder with
permissions accordingly restricted to the role developers only.
A solid approach would be to assign the Owner permissions to
Role naming conventions
There are so many different ways defining a role naming convention
that it is hard to determine the ultimately best approach.
It is important for maintenance, consistency and transparency to have
at least a clear concept.
In the following little note I will introduce you to one of my favourite
solution approaches based on the fact that the role naming
is limited to 30 characters.
General considerations:
Security upgrade
SAP® systems are upgraded on a frequent basis, and as part of such
an upgrade the security requires special attention as well.
While new authorization objects are introduced - even in purely technical
upgrade scenarios - additional relations between authorization objects
and transactions are also updated in the corresponding SAP® standard
tables amongst a lot of other things.
To benefit from these new implementations, and to make sure that
Enhancement for table access control: S_TABU_NAM
Given the high criticality and increasing complexity related to table access –
SAP® has introduced a new authorization object for a more refined
table access control.
The authorization object S_TABU_NAM was introduced last year.
This authorization object consists of two fields ACTVT (Activity)
and TABNAME (name of table or view).
Indirect / Position based role assignment
The HR solution offers aside from the general security concepts certain
additional security solutions that take the specific requirements related
to personal data into account.
Roles for example can be directly assigned via PFCG /SU01 / SU10
or indirectly through the HR Organizational Model.
