SAP Sensitive transaction risk is created when the user or role has access to a particular transaction. For example user could have transaction
SCC4 which is to create a client or SU10 which is a mass change user. There are many SAP Sensitive Risk transactions in the SAP System. The majority of them will be basis, configuration or mass change.
Example User Administration Transactions
GCE1 Maintain User
OOUS Maintain User
OP15 Production User Profile
OPE9 Maintain User Profile
OPF0 Maintain User
OTZ1 C FI Users
OVZ6 C SD Maintain User Profile
OY21 User profiles-Customizing
OY27 Create super user Customizing
SCUG Transfer Users
SCUM Central User Administration
SU01 User Maintenance
SU05 Maintain Internet Users
SU10 User Mass Maintenance
SU12 Mass Changes to User Master Records
SU80 Archive user change documents
SU81 Archive user password change doc.
SUGR Maintain User Groups
Key benefits of running SAP Sensitive Risk analysis report
- You can identify all the display roles having access to change or sensitive transactions. Most of the time if the sensitive transaction
is not part of the SAP SOD Rule set this risk may be hidden
- Identify the functional roles having access to other functional area transactions. For example a Sales and distribution roles having
access to human resources transactions or basis transactions.
- When the SAP Sensitive risk analysis is performed at the user level it can identify the user getting access to other
functional area transactions due cross pollinations of authorization.
Ongoing monitoring:
A monthly review of the SAP Sensitive risk at the role and user level has to be performed to monitor the risk constantly