Helpful Transactions GRC

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

Transactions

Transaction

Description Key Area

Why is this useful?

NWBC

Launch Netweaver Business Client

All

launch NWBC HTML. You will need to have work centre roles assigned or uild you own.

!"#$

Custo%i&ing

All

!el' e()lanatory * con+guration entry )oint 'or oth ,#C and )lug*in syste%s

,#AC-"L$A/-M0T-A!,N

)load Mitigation Assi Assign gn%e %ent nts s A#A A#A

)load a huge nu%er o' %itigation 1user2 role2 )ro+le3 in one shot. You can either a))end your current %itigations or overwrite. "rogra% ,#AC-"L$A/-M0T-A!!0,NM4NT!.

Further details, links, etc.

Mass change o' Mitigation Assign%ent s

/ownload Mitigation ,#AC-/WL$A/-M0T-A!,N Assi Assign gn%e %ent nts s A#A A#A

Mass change o' /ownload a huge nu%er o' %itigation Mitigation 1user2 role2 )ro+le3 in one shot. "rogra% Assign%ent ,#AC-/$WNL$A/-M0T-A!!0,NM4NT!. s

M!M" Work6ow ,#5NMW-C$N50,#4-W/ Con+gu Con+gura ratio tion n W5

M!M" Work6ow Con+guration * standard view 1we dyn)ro will launch3

M!M" Work6ow Con+ Con+g g 4()e 4()ert rt W5

!A" ,0 e()ert %ode to con+guration work6ow con+guration. con+guration. /o not use this transaction i' you not 'a%iliar or strong with M!M" con+guration as you will risk corru)ting your uild. This is use'ul i' you need to retrans)ort or trans)ort all o' the M!M" in one go as you can select it like an 0M, tale.

,#5NMW-C$N50,#4

M!M" 0nstance ,#5NMW-/B,M$N0T$#-W #unti%e / Monitor

!W// !W0A

Work6ow Builder

W5

Co%)rehensive view o' the work6ow e(ecution 'or M!M" evaluation including !tage7"ath calculation2 )rovisioning notes2 noti+cations and agents. This is use'ul 'or an Ad%inistrator to track issues with an M!M" a'ter a re8uest has een su%itted.

W5

nlikely you will need to go into this transaction as the Wor'klows 'or !A" are out o' the o( and M!M" is used. You can identi'y the M!M" integration 'ro% here.

W5

!A" standard work6ow. This will allow you to check the current Work6ow and  Task  Task nu%ers. nu%ers. 0' the M!M" 0nstance #unti%e shows the work6ow is co%)leted ut !W0A is not co%)leted

Transaction

Description Key Area

Why is this useful?

then there is an issue with the work6ow con+guration. Check Market)lace incase there is a correction.

,#AC-#$L4-MA!!-0M"#T

Mass #ole 0%)ort 'ro% Backend !yste%

,#AC-!"M-CL4AN"

Cleanu) 4AM A))lication /ata 4AM

"rogra% to clean u) 4AM tales.

4AM Logon "ad

5or centrali&ed +re+ghting2 you use ,#AC-4AM to o)en the 4AM Launch)ad on the ,#C syste%. 5or decentrali&ed +re+ghting2 you use 7,#C"07,#0A-4AM to o)en the 4AM Launch)ad on the )lug*in syste%s. The launch)ad 'or centrali&ed +re+ghting dis)lays all the )lug*in syste%s to which you have access. The launch)ad 'or decentrali&ed +re+ghting does not dis)lay any syste%s ecause it allows you to access only the current )lug*in syste%.

,#AC-4AM7,#AC-!"M and 7,#C"07,#0A-4AM

B#M

4AM

,#AC-"L$A/-#L4!

)load Access Control #ules A#A

,#AC-C$"Y-#L4!

Co)y Access Control #ules A#A

 This is availale in the 0M, navigation and allows you to i%)ort the rule set. Note2 i' you have work6ow activated 'or you ruleset it will not trigger work6ow. tility 'or co)ying !$/ rules 'ro% one syste% to another o' sa%e ty)e.

/elete Access Control #ules A#A

 This is availale in the 0M, navigation and allows you to delete the rule set. Note2 i' you have work6ow activated 'or you ruleset it will not trigger work6ow.

/ownload Access ,#AC-/$WNL$A/-#L4! Control #ules A#A

 This is availale in the 0M, navigation and allows you to download the rule set. #eco%%end you save a selection variant with the +le na%e and )aths so you do not have to continually %aintain the%.

,#AC-,4N4#AT4-#L4!

,enerate Access Control #ules A#A

 This is availale in the 0M, navigation and allows you to %ass generate the rules. You can also e(ecute this via NWBC2 however2 this )rogra% would allow you to schedule in ackground via !M9:79;

,#AC-#L4-T#AN!"$#T

 Trans)ort Access Controls #ules A#A

 This is availale via 0M, navigation and allows to %ass trans)ort the rule set.

4()ort #isk Analysis /ata 1e.g. when the +le is too ig 'or the we3 A#A

"rogra% to download the results o' the risk analysis to a local +le.

#isk Analysis A#A in Batch Mode

This is availale in the 0M, navigation and triggers the )rogra% 'or you to

,#AC-#L4-/4L4T4

,#AC-4<"$#T-#A ,#AC-BATCH-#A

Further details, links, etc.

Transaction

Description Key Area

Why is this useful?

Further details, links, etc.

schedule atch risk analysis. 4nsure your con+guration )ara%eters are set

,#AC-,4N4#AT4-#L4!

,#AC-,4N-4#M-B#5#L4

B#5"L!

!T@A/

B#5)lus Workench Custo%i&ing  Ti%e @ones

W5

Build M!M" rules 1usually B#5=3. #e'er to co%%ent elow 'or creating a))lication +rst.

W57B#M

Build the B#5= #ules 'or B#M role %ethodology and a))roval conditions grou)s. Note2 e'ore running to to B#5= and create a shell a))lication that has een assigned to a trans)ort and activated. se this a))lication in your de+nition. 0' not2 it gets created in >TM"

W5

Alternative transactions? B#5= and 5/T-Workench. You can %aintain the B#5= rules here and trans)ort through to "roduction.

BC

/iscuss with Basis e'ore %aking any changes to ti%e&one as it can i%)act 4AM log collections2 etc.

BC

A))lication log dis)lay. 0t is use'ul to track error %essages. Most ,#C authorisations errors will show in the a))lication log

!L,

/is)lay A))lication Logs

!4:

!A" /ocu%entatio n 14%ail te%)lates2 etc.3 All

!4:9

Translations

All

/ocu%ent %aintenance.  This transaction enales you to directly translate individual oects. Activate BC !ets * Business Con+guratio n !ets 1BC* C!3 * !A" Lirary

!C"#D

Activate BC !ets

""$M

Maintain $rgani&ational "lan Basis

Maintain $rgani&ational "lan

!A"conncet !end #e8uests

Check i' there has een an issue with sending on e%ail noti+cations or re)rocess re8uests. Transaction !$!B can e restricted to li%ited 'unctionality. Tcode !$!T

!C$T

!A"connect Ad%inistrationBasis

Con+guration o' !A"Connect. /iscuss with your Basis tea%. Take care in enaling in Non*"roduction environ%ent so you do not accidentally send e%ails to users and add con'usion. 0' enaled 'or Non*"rod2 reco%%end you )ut du%%y e%ail addresses on the user accounts.

!TD7!TATHT#AC47!TDE

!yste% Trace

Trace 'or an a))lication server. !TD is

!$!T7!$!B

Basis

Activation o' BC !ets.

Transaction

Description Key Area

Why is this useful?

use'ul 'or authorisation checks and include dataase calls2 kernel and #5C. !TATHT#AC4 is new version 'or security tracing with ALF 'unctionality and drill down 1hea)s easier to inte)ret than !TD3. !TDE co%es in handy to trace !GL calls to +nd the tale where in'or%ation has een stored.

!M

4n8ueue Locks

Basis

!TA/

/is)lay !tatistics 'or all syste%s

Basis

!CC

!N$T4 !4D7!4DJ !4: 7 !4:N

!MD

 You can access this in dis)lay %ode only. 0t can e a 8uick way to +nd which tales your data is stored in. ,o into the NWBC screen in change %ode so it )uts a lock on the tales. $)en a new session and go to !M to +nd the tales.

4AM 55 logs i%)ort !TA/ in'or%ation

Client Ad%inistration

Aility to change client setting to enale cross*client changes. /o not %ake changes to these settings without discussing with Basis. /e)ending on your landsca)e strategy you %ay need to %aintain so%e 0M, settings directly in the client 1such as integration 'ra%ework3

Note Assistant BC

0%)ort and a))ly !A" Notes. You will need to check with your co%)anyIs )olicy 'or note a))lication res)onsile. 0'  you have not a))lied and $!! note e'ore2 it is strongly reco%%ended your talk to your develo)er or Basis to learn aout )re*re8uisite and )ost*)rocessing activities. 0n so%e cases2 a develo)er key will e necessary.

 Trans)ort $rgani&er

BC

 Transaction to easily rowse thru data tales.

/ata Browser

Lock  Transactions

!M9:

!chedule Background  os

!M9;

$verview o' Background  os

Manage your trans)orts

!4C

Lock transaction to )revent users 1even i' authorised3 'ro% e(ecuting the transaction. sually security is res)onsile 'or this activity.

BC

,#C Access Controls uses a o scheduler via NWBC. !M9: os 'or connector sync2etc can e set u) via !M9:

BC

Allow you to view ackground os. All  os runti%es will show here2 even i' scheduled via NWBC.

!A9

ABA" #e)orting

ABA"

4(ecute !A" ABA" )rogra%s.

!49

ABA" 4ditor

ABA"

"rogra% 4ditor

!4D

$ect

ABA"

!A" /evelo)%ent workench2 %ost

Further details, links, etc.

Transaction

Description Key Area

Why is this useful?

Navigation

develo)%ent 'unctionality is availale 'ro% this transaction.

!49;

ABA" 5unction ABA"

M!M" !A" standard rules are usually 'unction %odules. You can look at the code i' you want to etter understand what is eing evaluated. Also co%es in handy 'or reak )oint i' you need to deug.

!4

ABA" Class

ABA"

use'ul i' you need to check the code and add a reak)oint to a %ethod

$$C

 Task Custo%i&ing

B/E

Logical !yste%s

Basis

#5C connections have to e de+ned as a logical syste% 1usually sa%e na%e3 to then re'erence in the integration 'ra%ework con+guration

!MEJ

#5C /estinations

Basis

#5C Con+guration

!M::7!MED

Work)rocess Basis

!0M

!-BC4-:DD:

!-BC4-:DD

!-BC4-:DDJ

!-BC4-:DDD

 Transactions 'or ser

Fiew the nu%er o' ackground work )rocess availale to de+ne as )art o' the integration 'ra%ework 'or ackground  o )rocessing

!4C

ser 0n'or%ation #e)orting syste%

!4C

#e)ort shows a list o' all transactions assigned to a user. This is a very hel)'ul re)ort to identi'y critical transactions as user has access to.

#oles y #ole Na%e !4C

#e)ort to +nd roles y co%)le( selection criterias. This re)ort can e used to +nd roles y descri)tion2 etc.

#oles y ser Assign%ent !4C

#e)ort shows a list o' all roles assigned to a user. This is very hel)'ul to have an overview o' all authori&ed roles a user have.

#oles y  Transaction Assign%ent

!4C

#e)orts shows a list o' all roles that includes a s)eci+c transaction. This is very hel)'ul to easily +nd )ossile roles to assign a transaction. /iscuss with Basis and !ecurity e'ore activating these as it )oses a security risk. 0' you receive a D9 5oridden error in NWBC it %eans a service needs to e activated 'or the wedyn)ro. You can also test the services here. 5or "!!74nd ser Login screens2 the !0C5 services need to e con+gured with the !ervice Account serna%e and "assword stored

!0C5

HTT" !ervices BC

,#AC-#4"-$B-!YNC

$ect #e) !ync

All

ser = #ole = "ro+le !ynchroni&ation  o

,#AC-!4#-!YNC

ser !ync

All

ser !ynchroni&ation o

,#AC-#$L4-!YNC

#ole !ync

All

#ole !ynchroni&ation o

All

#ole sage !ynchroni&ation o

,#AC-#$L4-!A,4-!YNC #ole sage

Further details, links, etc.

Transaction

Description Key Area

Why is this useful?

Further details, links, etc.

!ync ,#AC-ACT-!A,4-!YNC

Action sage !ync 4AM7A#A Action sage !ynchroni&ation o

,#AC-"#$50L4-!YNC

"ro+le !ync

All

"ro+le !ynchroni&ation o

,#AC-ATH-!YNC

Auth !ync

All

Authori&ation data !ynchroni&ation o

,#AC-!"M-!YNC

4AM !ync

4AM

4%ergency Access Manage%ent Master /ata !ynchroni&ation o

,#AC-!"M-W5-!YNC

4AM Work6ow !ynchroni&ati on 4AM

4%ergency Access Manag%e%ent Work6ow !ynchroni&ation o

,#AC-!"M-L$,-!YNC

4AM Log !ync 4AM

4%ergency Access Manage%ent Log !ynchroni&ation o  These transactions show all the relationshi)s etween oects in the structure considering the ti%e'ra%e o' each oect and the ti%e'ra%e o' the relationshi).

,#5N-!T#-/0!"LAY 7 ,#5N-!T#-CHAN,4

$rg !tructure 4()ert Change All

Both are considered su)er transactions which are really sensitive. They are e(clusive ,#C transactions to check $ects Hierarchy. The )oint o' ,#5N-!T#-CHAN,4 is that within this transaction you can change %aster data that you could not using 0. 0t %eans that the structure change transaction is not reco%%ended as you can cause severe data inconsistency in the syste% i' you use it without knowing it.

"5C,

#ole Maintenance Basis

#ole %aintenance to create and edit roles.

!D

ser Maintenance Basis

ser %aintenance

!4:

/ata Browser Basis

/ata rowser to view7add tale data

!M9D7!M97!M9

Fiew Maintenance Basis

!4: and !M9D essentially give direct access to tales in'or%ation. !M9D is restricted in a way that you cannot use the !M9D inter'ace to view all the tales. $nly tales with a %aintaince dialog de+ned can e accessed through !M9D. But there is no restriction on the access to tales in !4: as long as u have access to the authori&ation grou) )ertaining to the tale you will e ale to access the in'or%ation through !4:.

,#5NMW-A/M0N

M!M" "ower

W5

E #ole Maintenanc e in "5C, * !A" NetWeaver Business Client * !A" Lirary

Transaction

Description Key Area

Why is this useful?

Further details, links, etc.

ser 7 /eug

,#5NMW-CN-F4#A

M!M" "rocess Active Fersion Maint. W5

,#5NMW-/4B,

M!M" "rocess /eug !ettings W5

,#5NMW-/4B,-M!,

M!M" "rocess /eug Messages !ettings W5

,#5NMW-/4F-C$N50,

M!M" /evelo)%ent Con+guration W5

,#5NMW-/4F-#L4!

M!M" #ule ,eneration 7  Testing

W5

,#5NMW-,4N-F4#!0$N

,enerate Fersions 'or M!M" Con+g W5

,enerate version is use'ul to run a'ter you i%)ort a trans)ort 1)ost )rocessing activity3 instead o' going into M!M" screen to activate.

,#5NMW-M$N0T$#

M!M" Work6ow Monitoring

Monitoring o' the M!M" Work6ow statistics.

W5

4nd user 'or% ,#AC-4N/!#5$#M-!0C5 !0C5 service

,#AC-55$B-/!C-MA0NT

Maintain 4AM 55 $ect /escri)tion

,#AC-55$B-/!C-MNT

5ire+ghter $ect Maintenance

0/M !che%a ,#AC-0/M-!CH4MA-!YNC )date ,#AC-/ATA-M0,#AT0$N

ACD /ata Migration

,#AC-/4L4T4-#4"$#T-!

/elete #e)ort !)ool data

,#AC#ABATCH-M$N0T$#

Batch #isk Analysis Monitor

,#AC-AL4#T-,4N4#AT4

Alert ,eneration

"rogra% that generates alerts.

#isk Analysis 0n Batch Mode

$ine analysis is not real*ti%e data ut is de)endent on the date o' the last Batch #isk Analysis. The Batch #isk Analysis is run as ackground o in ,#C $nline vs. y using transaction ,#AC-BATCH-#A $ine #isk 1)rogra% ,#AC-BATCH-#0!K-ANALY!0!3. Analysis

,#AC-BATCH-#A

"rogra% to %igrate data 'ro% an earlier version.

 This )rogra% is used to %onitor the e(ecution status o' a running atch risk analysis. !A" ,#C AC D.D Alerting

Programs Program

"#,N-C$M"#4!!-T0M4!

 T@C!TH4L"

 T@$N4CH4CK 

Description

"rogra% to %erge the assign%ents o' identical users and roles2 )rovided the validity )eriods overla) with one another or i%%ediately 'ollow each other. Also you can delete e()ired assign%ents.

Why is this useful?

Fery hel)'ul to easily delete e()ired assign%ents or to clean u) the assign%ents a'ter a syste% co)y. "lease note that this )rogra% should not e run i' you have A#G in )lace 'or usiness roles )rovisioning. Be'ore 0nitial Load ...

 Trouleshooting !u))ort 'or  Ti%e @one !ettings

 Ti%e&one changes est )ractices * Basis Corner * !CN Wiki

Check Ti%e @one /ata 'or Consistency

 Ti%e&one changes est )ractices * Basis Corner * !CN Wiki !ynchroni&ation o' !A" ser Ad%inistration with an L/A"*Co%)ati * 0dentity Manage%ent * !A" Lirary

!ynchroni&ation o' !A" ser Ad%inistration with an L/A"* Co%)atile /irectory !ervice

#!L/A"!YNC-!4#

Further details, links, etc.

 o ser to send 4%ail re%inders to a))rovers ,#5NMW-BATCH-4MA0L-#4M0N/4 ased on nu%er o' days # and 're8uency  This )rogra% was use'ul 'or deleting non*actionale old re8uests 'ro% the syste% as ,#5NMW-BATCH-!TAL4-#4G4!T housekee)ing activity

#!C$NND

 This o used 'or sending e%ail 1and other ty)es o' co%%unication ite%s3

7,#C"07,#0A-/NL/#$L4!

/ownload roles data 'or %ass i%)ort

Tables Table

Description

,#AC#4F#4!4# A# #eected sers ,#AC#4#4A!$N

A# #eected #easons

,#AC#4#4A!$NT A# #eected #easons Te(ts !#D

ser Logon /ata

GRACOWNER

Master Table for Central Owner Administration

Why is this useful?

5urther details2 links2 etc.

Table

Description

Why is this useful?

5urther details2 links2 etc.