Hello,
I am looking for a way to collect all the elements of the SAP permissions chain :
- Transaction
- Transaction code
- Object
- Object Field
- Object Field's Value
You will find, attached to this post, a schematic of the SAP data model I am talking about.
In order to apply SoD rules on the Object Field's Value.
Did someone ever do it ?
We were thinking of this mapping :
- Transaction Code = > Application Role
- Object = > entitlements
- Object fields & object field's values => custom entitlement's attributes
But since we do not know in advance how many object Fields an object has, nor how many values it contains, this seems inefficient.
How do you recommend we use, or expand, the RSA data model to store these informations ?
Thank you for your time and response,
Kind Regards,
Baptiste Deligny
As far as I now, SAP has potentially thousands of granular entitlements.
How many SOD rules do you expect to create?
In your scenario, are users being granted with SAP granular entitlements or only with SAP roles?