Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant
Transactions
Transaction
Description Key Area
Why is this useful?
NWBC
Launch Netweaver Business Client
All
launch NWBC HTML. You will need to have work centre roles assigned or uild you own.
!"#$
Custo%i&ing
All
!el' e()lanatory * con+guration entry )oint 'or oth ,#C and )lug*in syste%s
,#AC-"L$A/-M0T-A!,N
)load Mitigation Assi Assign gn%e %ent nts s A#A A#A
)load a huge nu%er o' %itigation 1user2 role2 )ro+le3 in one shot. You can either a))end your current %itigations or overwrite. "rogra% ,#AC-"L$A/-M0T-A!!0,NM4NT!.
Further details, links, etc.
Mass change o' Mitigation Assign%ent s
/ownload Mitigation ,#AC-/WL$A/-M0T-A!,N Assi Assign gn%e %ent nts s A#A A#A
Mass change o' /ownload a huge nu%er o' %itigation Mitigation 1user2 role2 )ro+le3 in one shot. "rogra% Assign%ent ,#AC-/$WNL$A/-M0T-A!!0,NM4NT!. s
M!M" Work6ow ,#5NMW-C$N50,#4-W/ Con+gu Con+gura ratio tion n W5
M!M" Work6ow Con+guration * standard view 1we dyn)ro will launch3
M!M" Work6ow Con+ Con+g g 4()e 4()ert rt W5
!A" ,0 e()ert %ode to con+guration work6ow con+guration. con+guration. /o not use this transaction i' you not 'a%iliar or strong with M!M" con+guration as you will risk corru)ting your uild. This is use'ul i' you need to retrans)ort or trans)ort all o' the M!M" in one go as you can select it like an 0M, tale.
,#5NMW-C$N50,#4
M!M" 0nstance ,#5NMW-/B,M$N0T$#-W #unti%e / Monitor
!W// !W0A
Work6ow Builder
W5
Co%)rehensive view o' the work6ow e(ecution 'or M!M" evaluation including !tage7"ath calculation2 )rovisioning notes2 noti+cations and agents. This is use'ul 'or an Ad%inistrator to track issues with an M!M" a'ter a re8uest has een su%itted.
W5
nlikely you will need to go into this transaction as the Wor'klows 'or !A" are out o' the o( and M!M" is used. You can identi'y the M!M" integration 'ro% here.
W5
!A" standard work6ow. This will allow you to check the current Work6ow and Task Task nu%ers. nu%ers. 0' the M!M" 0nstance #unti%e shows the work6ow is co%)leted ut !W0A is not co%)leted
Transaction
Description Key Area
Why is this useful?
then there is an issue with the work6ow con+guration. Check Market)lace incase there is a correction.
,#AC-#$L4-MA!!-0M"#T
Mass #ole 0%)ort 'ro% Backend !yste%
,#AC-!"M-CL4AN"
Cleanu) 4AM A))lication /ata 4AM
"rogra% to clean u) 4AM tales.
4AM Logon "ad
5or centrali&ed +re+ghting2 you use ,#AC-4AM to o)en the 4AM Launch)ad on the ,#C syste%. 5or decentrali&ed +re+ghting2 you use 7,#C"07,#0A-4AM to o)en the 4AM Launch)ad on the )lug*in syste%s. The launch)ad 'or centrali&ed +re+ghting dis)lays all the )lug*in syste%s to which you have access. The launch)ad 'or decentrali&ed +re+ghting does not dis)lay any syste%s ecause it allows you to access only the current )lug*in syste%.
,#AC-4AM7,#AC-!"M and 7,#C"07,#0A-4AM
B#M
4AM
,#AC-"L$A/-#L4!
)load Access Control #ules A#A
,#AC-C$"Y-#L4!
Co)y Access Control #ules A#A
This is availale in the 0M, navigation and allows you to i%)ort the rule set. Note2 i' you have work6ow activated 'or you ruleset it will not trigger work6ow. tility 'or co)ying !$/ rules 'ro% one syste% to another o' sa%e ty)e.
/elete Access Control #ules A#A
This is availale in the 0M, navigation and allows you to delete the rule set. Note2 i' you have work6ow activated 'or you ruleset it will not trigger work6ow.
/ownload Access ,#AC-/$WNL$A/-#L4! Control #ules A#A
This is availale in the 0M, navigation and allows you to download the rule set. #eco%%end you save a selection variant with the +le na%e and )aths so you do not have to continually %aintain the%.
,#AC-,4N4#AT4-#L4!
,enerate Access Control #ules A#A
This is availale in the 0M, navigation and allows you to %ass generate the rules. You can also e(ecute this via NWBC2 however2 this )rogra% would allow you to schedule in ackground via !M9:79;
,#AC-#L4-T#AN!"$#T
Trans)ort Access Controls #ules A#A
This is availale via 0M, navigation and allows to %ass trans)ort the rule set.
4()ort #isk Analysis /ata 1e.g. when the +le is too ig 'or the we3 A#A
"rogra% to download the results o' the risk analysis to a local +le.
#isk Analysis A#A in Batch Mode
This is availale in the 0M, navigation and triggers the )rogra% 'or you to
,#AC-#L4-/4L4T4
,#AC-4<"$#T-#A ,#AC-BATCH-#A
Further details, links, etc.
Transaction
Description Key Area
Why is this useful?
Further details, links, etc.
schedule atch risk analysis. 4nsure your con+guration )ara%eters are set
,#AC-,4N4#AT4-#L4!
,#AC-,4N-4#M-B#5#L4
B#5"L!
!T@A/
B#5)lus Workench Custo%i&ing Ti%e @ones
W5
Build M!M" rules 1usually B#5=3. #e'er to co%%ent elow 'or creating a))lication +rst.
W57B#M
Build the B#5= #ules 'or B#M role %ethodology and a))roval conditions grou)s. Note2 e'ore running to to B#5= and create a shell a))lication that has een assigned to a trans)ort and activated. se this a))lication in your de+nition. 0' not2 it gets created in >TM"
W5
Alternative transactions? B#5= and 5/T-Workench. You can %aintain the B#5= rules here and trans)ort through to "roduction.
BC
/iscuss with Basis e'ore %aking any changes to ti%e&one as it can i%)act 4AM log collections2 etc.
BC
A))lication log dis)lay. 0t is use'ul to track error %essages. Most ,#C authorisations errors will show in the a))lication log
!L,
/is)lay A))lication Logs
!4:
!A" /ocu%entatio n 14%ail te%)lates2 etc.3 All
!4:9
Translations
All
/ocu%ent %aintenance. This transaction enales you to directly translate individual oects. Activate BC !ets * Business Con+guratio n !ets 1BC* C!3 * !A" Lirary
!C"#D
Activate BC !ets
""$M
Maintain $rgani&ational "lan Basis
Maintain $rgani&ational "lan
!A"conncet !end #e8uests
Check i' there has een an issue with sending on e%ail noti+cations or re)rocess re8uests. Transaction !$!B can e restricted to li%ited 'unctionality. Tcode !$!T
!C$T
!A"connect Ad%inistrationBasis
Con+guration o' !A"Connect. /iscuss with your Basis tea%. Take care in enaling in Non*"roduction environ%ent so you do not accidentally send e%ails to users and add con'usion. 0' enaled 'or Non*"rod2 reco%%end you )ut du%%y e%ail addresses on the user accounts.
!TD7!TATHT#AC47!TDE
!yste% Trace
Trace 'or an a))lication server. !TD is
!$!T7!$!B
Basis
Activation o' BC !ets.
Transaction
Description Key Area
Why is this useful?
use'ul 'or authorisation checks and include dataase calls2 kernel and #5C. !TATHT#AC4 is new version 'or security tracing with ALF 'unctionality and drill down 1hea)s easier to inte)ret than !TD3. !TDE co%es in handy to trace !GL calls to +nd the tale where in'or%ation has een stored.
!M
4n8ueue Locks
Basis
!TA/
/is)lay !tatistics 'or all syste%s
Basis
!CC
!N$T4 !4D7!4DJ !4: 7 !4:N
!MD
You can access this in dis)lay %ode only. 0t can e a 8uick way to +nd which tales your data is stored in. ,o into the NWBC screen in change %ode so it )uts a lock on the tales. $)en a new session and go to !M to +nd the tales.
4AM 55 logs i%)ort !TA/ in'or%ation
Client Ad%inistration
Aility to change client setting to enale cross*client changes. /o not %ake changes to these settings without discussing with Basis. /e)ending on your landsca)e strategy you %ay need to %aintain so%e 0M, settings directly in the client 1such as integration 'ra%ework3
Note Assistant BC
0%)ort and a))ly !A" Notes. You will need to check with your co%)anyIs )olicy 'or note a))lication res)onsile. 0' you have not a))lied and $!! note e'ore2 it is strongly reco%%ended your talk to your develo)er or Basis to learn aout )re*re8uisite and )ost*)rocessing activities. 0n so%e cases2 a develo)er key will e necessary.
Trans)ort $rgani&er
BC
Transaction to easily rowse thru data tales.
/ata Browser
Lock Transactions
!M9:
!chedule Background os
!M9;
$verview o' Background os
Manage your trans)orts
!4C
Lock transaction to )revent users 1even i' authorised3 'ro% e(ecuting the transaction. sually security is res)onsile 'or this activity.
BC
,#C Access Controls uses a o scheduler via NWBC. !M9: os 'or connector sync2etc can e set u) via !M9:
BC
Allow you to view ackground os. All os runti%es will show here2 even i' scheduled via NWBC.
!A9
ABA" #e)orting
ABA"
4(ecute !A" ABA" )rogra%s.
!49
ABA" 4ditor
ABA"
"rogra% 4ditor
!4D
$ect
ABA"
!A" /evelo)%ent workench2 %ost
Further details, links, etc.
Transaction
Description Key Area
Why is this useful?
Navigation
develo)%ent 'unctionality is availale 'ro% this transaction.
!49;
ABA" 5unction ABA"
M!M" !A" standard rules are usually 'unction %odules. You can look at the code i' you want to etter understand what is eing evaluated. Also co%es in handy 'or reak )oint i' you need to deug.
!4
ABA" Class
ABA"
use'ul i' you need to check the code and add a reak)oint to a %ethod
$$C
Task Custo%i&ing
B/E
Logical !yste%s
Basis
#5C connections have to e de+ned as a logical syste% 1usually sa%e na%e3 to then re'erence in the integration 'ra%ework con+guration
!MEJ
#5C /estinations
Basis
#5C Con+guration
!M::7!MED
Work)rocess Basis
!0M
!-BC4-:DD:
!-BC4-:DD
!-BC4-:DDJ
!-BC4-:DDD
Transactions 'or ser
Fiew the nu%er o' ackground work )rocess availale to de+ne as )art o' the integration 'ra%ework 'or ackground o )rocessing
!4C
ser 0n'or%ation #e)orting syste%
!4C
#e)ort shows a list o' all transactions assigned to a user. This is a very hel)'ul re)ort to identi'y critical transactions as user has access to.
#oles y #ole Na%e !4C
#e)ort to +nd roles y co%)le( selection criterias. This re)ort can e used to +nd roles y descri)tion2 etc.
#oles y ser Assign%ent !4C
#e)ort shows a list o' all roles assigned to a user. This is very hel)'ul to have an overview o' all authori&ed roles a user have.
#oles y Transaction Assign%ent
!4C
#e)orts shows a list o' all roles that includes a s)eci+c transaction. This is very hel)'ul to easily +nd )ossile roles to assign a transaction. /iscuss with Basis and !ecurity e'ore activating these as it )oses a security risk. 0' you receive a D9 5oridden error in NWBC it %eans a service needs to e activated 'or the wedyn)ro. You can also test the services here. 5or "!!74nd ser Login screens2 the !0C5 services need to e con+gured with the !ervice Account serna%e and "assword stored
!0C5
HTT" !ervices BC
,#AC-#4"-$B-!YNC
$ect #e) !ync
All
ser = #ole = "ro+le !ynchroni&ation o
,#AC-!4#-!YNC
ser !ync
All
ser !ynchroni&ation o
,#AC-#$L4-!YNC
#ole !ync
All
#ole !ynchroni&ation o
All
#ole sage !ynchroni&ation o
,#AC-#$L4-!A,4-!YNC #ole sage
Further details, links, etc.
Transaction
Description Key Area
Why is this useful?
Further details, links, etc.
!ync ,#AC-ACT-!A,4-!YNC
Action sage !ync 4AM7A#A Action sage !ynchroni&ation o
,#AC-"#$50L4-!YNC
"ro+le !ync
All
"ro+le !ynchroni&ation o
,#AC-ATH-!YNC
Auth !ync
All
Authori&ation data !ynchroni&ation o
,#AC-!"M-!YNC
4AM !ync
4AM
4%ergency Access Manage%ent Master /ata !ynchroni&ation o
,#AC-!"M-W5-!YNC
4AM Work6ow !ynchroni&ati on 4AM
4%ergency Access Manag%e%ent Work6ow !ynchroni&ation o
,#AC-!"M-L$,-!YNC
4AM Log !ync 4AM
4%ergency Access Manage%ent Log !ynchroni&ation o These transactions show all the relationshi)s etween oects in the structure considering the ti%e'ra%e o' each oect and the ti%e'ra%e o' the relationshi).
,#5N-!T#-/0!"LAY 7 ,#5N-!T#-CHAN,4
$rg !tructure 4()ert Change All
Both are considered su)er transactions which are really sensitive. They are e(clusive ,#C transactions to check $ects Hierarchy. The )oint o' ,#5N-!T#-CHAN,4 is that within this transaction you can change %aster data that you could not using 0. 0t %eans that the structure change transaction is not reco%%ended as you can cause severe data inconsistency in the syste% i' you use it without knowing it.
"5C,
#ole Maintenance Basis
#ole %aintenance to create and edit roles.
!D
ser Maintenance Basis
ser %aintenance
!4:
/ata Browser Basis
/ata rowser to view7add tale data
!M9D7!M97!M9
Fiew Maintenance Basis
!4: and !M9D essentially give direct access to tales in'or%ation. !M9D is restricted in a way that you cannot use the !M9D inter'ace to view all the tales. $nly tales with a %aintaince dialog de+ned can e accessed through !M9D. But there is no restriction on the access to tales in !4: as long as u have access to the authori&ation grou) )ertaining to the tale you will e ale to access the in'or%ation through !4:.
,#5NMW-A/M0N
M!M" "ower
W5
E #ole Maintenanc e in "5C, * !A" NetWeaver Business Client * !A" Lirary
Transaction
Description Key Area
Why is this useful?
Further details, links, etc.
ser 7 /eug
,#5NMW-CN-F4#A
M!M" "rocess Active Fersion Maint. W5
,#5NMW-/4B,
M!M" "rocess /eug !ettings W5
,#5NMW-/4B,-M!,
M!M" "rocess /eug Messages !ettings W5
,#5NMW-/4F-C$N50,
M!M" /evelo)%ent Con+guration W5
,#5NMW-/4F-#L4!
M!M" #ule ,eneration 7 Testing
W5
,#5NMW-,4N-F4#!0$N
,enerate Fersions 'or M!M" Con+g W5
,enerate version is use'ul to run a'ter you i%)ort a trans)ort 1)ost )rocessing activity3 instead o' going into M!M" screen to activate.
,#5NMW-M$N0T$#
M!M" Work6ow Monitoring
Monitoring o' the M!M" Work6ow statistics.
W5
4nd user 'or% ,#AC-4N/!#5$#M-!0C5 !0C5 service
,#AC-55$B-/!C-MA0NT
Maintain 4AM 55 $ect /escri)tion
,#AC-55$B-/!C-MNT
5ire+ghter $ect Maintenance
0/M !che%a ,#AC-0/M-!CH4MA-!YNC )date ,#AC-/ATA-M0,#AT0$N
ACD /ata Migration
,#AC-/4L4T4-#4"$#T-!
/elete #e)ort !)ool data
,#AC#ABATCH-M$N0T$#
Batch #isk Analysis Monitor
,#AC-AL4#T-,4N4#AT4
Alert ,eneration
"rogra% that generates alerts.
#isk Analysis 0n Batch Mode
$ine analysis is not real*ti%e data ut is de)endent on the date o' the last Batch #isk Analysis. The Batch #isk Analysis is run as ackground o in ,#C $nline vs. y using transaction ,#AC-BATCH-#A $ine #isk 1)rogra% ,#AC-BATCH-#0!K-ANALY!0!3. Analysis
,#AC-BATCH-#A
"rogra% to %igrate data 'ro% an earlier version.
This )rogra% is used to %onitor the e(ecution status o' a running atch risk analysis. !A" ,#C AC D.D Alerting
Programs Program
"#,N-C$M"#4!!-T0M4!
T@C!TH4L"
T@$N4CH4CK
Description
"rogra% to %erge the assign%ents o' identical users and roles2 )rovided the validity )eriods overla) with one another or i%%ediately 'ollow each other. Also you can delete e()ired assign%ents.
Why is this useful?
Fery hel)'ul to easily delete e()ired assign%ents or to clean u) the assign%ents a'ter a syste% co)y. "lease note that this )rogra% should not e run i' you have A#G in )lace 'or usiness roles )rovisioning. Be'ore 0nitial Load ...
Trouleshooting !u))ort 'or Ti%e @one !ettings
Ti%e&one changes est )ractices * Basis Corner * !CN Wiki
Check Ti%e @one /ata 'or Consistency
Ti%e&one changes est )ractices * Basis Corner * !CN Wiki !ynchroni&ation o' !A" ser Ad%inistration with an L/A"*Co%)ati * 0dentity Manage%ent * !A" Lirary
!ynchroni&ation o' !A" ser Ad%inistration with an L/A"* Co%)atile /irectory !ervice
#!L/A"!YNC-!4#
Further details, links, etc.
o ser to send 4%ail re%inders to a))rovers ,#5NMW-BATCH-4MA0L-#4M0N/4 ased on nu%er o' days # and 're8uency This )rogra% was use'ul 'or deleting non*actionale old re8uests 'ro% the syste% as ,#5NMW-BATCH-!TAL4-#4G4!T housekee)ing activity
#!C$NND
This o used 'or sending e%ail 1and other ty)es o' co%%unication ite%s3
7,#C"07,#0A-/NL/#$L4!
/ownload roles data 'or %ass i%)ort
Tables Table
Description
,#AC#4F#4!4# A# #eected sers ,#AC#4#4A!$N
A# #eected #easons
,#AC#4#4A!$NT A# #eected #easons Te(ts !#D
ser Logon /ata
GRACOWNER
Master Table for Central Owner Administration
Why is this useful?
5urther details2 links2 etc.
Table
Description
Why is this useful?
5urther details2 links2 etc.