Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

AnsweredAssumed Answered

How to apply SoD rule on SAP finest grains ?

Question asked by Baptiste DELIGNY on Feb 6, 2017
Latest reply on Feb 7, 2017 by Baptiste DELIGNY

Like • Show 0 Likes0
Comment • 2

Hello,

I am looking for a way to collect all the elements of the SAP permissions chain :

Transaction
Transaction code
Object
Object Field
Object Field's Value

You will find, attached to this post, a schematic of the SAP data model I am talking about.

In order to apply SoD rules on the Object Field's Value.

Did someone ever do it ?

We were thinking of this mapping :

Transaction Code = > Application Role
Object = > entitlements
Object fields & object field's values => custom entitlement's attributes

But since we do not know in advance how many object Fields an object has, nor how many values it contains, this seems inefficient.

How do you recommend we use, or expand, the RSA data model to store these informations ?

Thank you for your time and response,

Kind Regards,

Baptiste Deligny

Attachments

SAPPermissionModel.png22.8 KB

No one else has this question

Outcomes

2 Replies

Boris Lekumovich Feb 6, 2017 7:30 PM
Mark Correct
Correct Answer
As far as I now, SAP has potentially thousands of granular entitlements.
How many SOD rules do you expect to create?

In your scenario, are users being granted with SAP granular entitlements or only with SAP roles?
Like • Show 0 Likes0
Actions
- Baptiste DELIGNY @ Boris Lekumovich on Feb 7, 2017 4:50 AM
  Mark Correct
  Correct Answer
  Thank you for your answer,
  We expect a couple of hundred rules, based on roles (defined by a number of fine grained entitlements).
  
  Baptiste
  Like • Show 0 Likes0
  Actions

Recommended Content