01-31-2024 1:56 PM - edited 01-31-2024 6:24 PM
We recently discovered the process of installing Fiori apps using Rapid Activation process.
I'm wondering which team usually runs this process? The Fiori Admin, Basis, Security?
The tool creates and activates odata/app services, then it creates new Z roles as copies of SAP's business roles. Those SAP roles are wide open and have tons of authorizations with blank activites *. There is no way our Security team will allow Fiori team or Basis to run this tcode.
I'm curious to know how do other organizations handle this Rapid Activation process? and move it across the environments?
Would appreciate some suggestions. Thanks
There is no way our Security team will allow Fiori team or Basis to run this tcode.
They should allow. No one is forced to use those roles. Just run it and let the security team create specific roles based on their internal procedures.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The problem is that the Rapid Activation tcode gives you the ability to "assign generated business roles to users", by just clicking a checkbox.
In a production stream, the Security Team does not want anyone to be able to assign roles to users, especially these SAP roles that are wide open. It's not proper practice, and it can easily lead to security issues getting out of hand.
SAP states that the roles generated through the rapid activation are for testing purposes only. You do that step only to assign the roles in order to check that the apps are working properly, but it is not mandatory if I'm not mistaken. Tell the security team to do it themselves if they don't trust you guys to not have a checkbox selected...
Also, this should be done in the DEV system so it's not like users could ruin everything if you guys checked the box by mistake and also selected the users by mistake...
User | Count |
---|---|
75 | |
9 | |
8 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.