Dear Everyone !
I would like to ask everyone some help in relation to SAP transactions CV04N / Cv03N.It is clear to us that the transaction CV04N ( allows access to records of type design documents, manuals, installation drawings, special product, etc; also allows viewing and printing), requires that end user have : S_GUI (Object Authority S_GUI, ACTVT: 61-Export) enabled.But through the execution of transaction SU24, CV04N does not check this authorization:
But according to business analysts the transaction that effectively execute CVO4N is CV03N.
and when we execute SU24 for transaction CV03N the object S_GUI didn't appear too.
But when we execute CV04N, we can check through transaction SU53 that this object is being checked. But our company intend to decrement the use of Object Authority S_GUI, ACTVT: 61-Export because it increments the possibility of information leakage.But in fact we have experienced an increase of 19.06% in the number of users with access to the object "export " after migration to SAP E6.0 because we do not have a solution to the transactions CV04N / CV03N without export.
Then we have the following questions:
1) Is it possible to execute the transaction CV04N (which is in fact performed by transaction CV03N) without the object S_GUI ? (Authority Object S_GUI, ACTVT: 61-Export) ?
2) Is it possible to have the object S_GUI (Authority Object S_GUI, ACTVT: 61-Export) and somehow to avoid that the end user can export information out of SAP (for archives excel, text, etc) ? so to avoid possible leak of information ?
3) Why transaction SU24 (for transactions CV04N and CV03N) doesn't show us that there are necessity of "authorization check" in relation to object S_GUI but when we have execute CV04N appears this necessity ?
Please, I would like to ask your help becuase the tendency is to grow the number of users who need the export object, and it increases the possibility of information leakage. I would like to ask you to involve SAP in this issue because we consider that this point create an issue in relation SAP security due to increase the possibility of information leakage on any SAP environment.
Thank you very much
Elevadores Atlas Schindler
Avenida do Estado Numero: 6116
CEP: 01516-900 -Sâo Paulo -SP
Mobile phone: 55-11-8954-3040
April 18, 2011 4:54 PM
November 8, 2012 4:26 PM