Skip to Content

SAP Sensitive transaction risk is created when the user or role has access to a particular transaction. For example user could have transaction
SCC4 which is to create a client or SU10 which is a mass change user. There are many SAP Sensitive Risk transactions in the SAP System. The majority of them will be basis, configuration or mass change. 

Example User Administration Transactions

GCE1     Maintain User

OOUS    Maintain User

OP15     Production User Profile

OPE9     Maintain User Profile

OPF0     Maintain User

OTZ1      C FI Users

OVZ6     C SD Maintain User Profile

OY21      User profiles-Customizing

OY27      Create super user Customizing

SCUG    Transfer Users

SCUM   Central User Administration

SU01      User Maintenance

SU05      Maintain Internet Users

SU10      User Mass Maintenance

SU12      Mass Changes to User Master Records

SU80      Archive user change documents

SU81      Archive user password change doc.

SUGR    Maintain User Groups

Key benefits of running SAP Sensitive Risk analysis report

  1. You can identify all the display roles having access to change or sensitive transactions.  Most of the time if the sensitive transaction
    is not part of the SAP SOD Rule set this risk may be hidden   
  1. Identify the functional roles having access to other functional area transactions. For example a Sales and distribution roles having
    access to human resources transactions or basis transactions.  
  1. When the SAP Sensitive risk analysis is performed at the user level it can identify the user getting access to other
    functional area transactions due cross pollinations of authorization.

Ongoing monitoring:

A monthly review of the SAP Sensitive risk at the role and user level has to be performed to monitor the risk constantly

To report this post you need to login first.