This page contains some sample reports generated in Axis to give an understanding of some of reports that can be generated in Axis. Reports in Axis can be generated either in PDF, Word, HTML, RTF or EXCEL formats. Sample reports on this are in either PDF or Excel format. All names, custom profiles, authorizations and object values in the reports are fictitious. However most SAP standard profiles have been retained.
Segregation of Duties Report - By User
Segregation of Duties reports can be generated by User or Role. The reports below are sample Segregation of Duties reports - By User, run using an SoD Violation Definition Preset. The example below reports all users who can Create a Master Record and Post a Document.
The report is broken up in four sections :
• Summary - This reports all users who meet the SoD criteria. The summary report documents the risk definition and risk level of the SoD violation definition. The sample reports below also lists all users who have access to each transaction though they do not meet the SoD violation criteria. There is a Report Parameter which you can set to filter the output so as to report only users who meet the SoD Violation condition. The advantage of listing all users who can have access to each transaction is that the report also can be used to identify users who have inappropriate access to sensitive transactions. PDF reports are cross referenced - clicking on the appropriate column in the Summary will take you to the appropriate section in the Detail Report providing the supporting Role, profile and authorization object values for each transaction in the Summary section. Clicking on the User in the detail section will take you back to the Summary section.
• Detail - This section reports Roles, profiles, authorizations and authorization object values that give each user access to the specific transaction. This sections provides all the detailed information validating the Summary section and can be used as the basis for making changes in the SAP system.
• Parameter - This section documents all the parameters used to generate the SoD report. This section details the various reporting options selected, the settings used for generating this report and authorization object values checked for each transaction. Axis, takes into account all authorizations that have been deactivated in the SAP installation (both globally deactivated authorization objects and Tcode level based deactivation of authorization objects).
The SOD reports are available in several formats, a few of the different formats are shown below:
Sample Segregation Of Duties Report [1 - 1] Tcode base [PDF]
Sample Segregation Of Duties Report[1 - 1]- Tcode based [Excel]
Sample Segregation Of Duties Report[Many - Many]- Tcode based with Sensitive Access Reporting[Excel]
Sample Segregation Of Duties Report[Many - Many]- Tcode based without Sensitive Access Reporting[Excel]
Sample Segregation Of Duties Report - Non Tcode based [PDF]
SOD reports can also be generated by Role. Contact us if you would like to see some sample SOD reports by Role.
Segregation of Duties Report by User- Within the Organization Structure The same SOD reporting option can be used to report for user access within SAP Organization structure. In The sample below reports users who can Post a Document to company codes CO1, C02, CO3. For the sample report below the Parameter 'Exclude Deactivated Authorizations' has been set to 'No' so that the object F_BKPF_BUK is also checked.
Sample Report within Organization Structure
Segregation of Duties Report by User - Run as a Batch with Documentation of Compensating Controls
Multiple SOD Preset violation definitions can be combined and run together as a batch. There is no limit to the number of Presets that can be run in a single batch.The Consolidated Summary report documents the SoD violation definition, the risk definition and risk level of the SoD violation definition. Axis, allows you to document any compensating controls that might exist for any SOD violation definition and documents these controls in the Batch Consolidated Summary section. The sample report below is for a Batch with 4 SOD Presets. Only the Consolidated Summary and Preset Summary Sections has been selected for generation to reduce the size of the report for web viewing, though you can generate Batch reports complete with supporting details with the ability to drill right down to authorization object field value level supporting details for each SoD Violation Preset Definition.
Sample Batch Report with Compensating Controls Documented
User- Role Reports
Axis can list all Roles for users and document all authorization object values assigned to users. Two sample User - Roles reports shown below.
Sample User- Role- Profile Summary Report [Excel]
Sample User- Role- Profile Detail Report [Excel]
All Authorizations for a User
Axis can list all authorizations for all users in a single query. The sample report below lists authorizations for a single user and single profile to ensure that a small report is generated. The report list all Composite profiles, profiles within each Composite profiles in a tree structure giving a complete picture of authorizations for each user. In the sample report take look at the authorization F_BUCH_ALL to see a multi level exploded Composite Profile.
Sample Report All Authorizations for a User
Composite Profile Profile Relationship Listing
Composite profiles are printed in a tree structure listing all the child profiles for a Composite Profile. You can report all profiles for all Composite Profiles in a single query, however this sample report lists child profiles only for a single Composite Profile. This report only lists the child profile names. Another report is available in Axis which prints all authorization values within each child profile.
Sample Report Composite Profile Relationship Listing
Comparison Reports Between Two Periods
Axis supports multiple clients and periods. Support of multiple periods allows comparison of users, profiles and authorization values between any two periods. You can use these reports to identify changes made to
authorization data between any two periods of time.
Sample Report - User Comparison Between 2 Periods
Sample Report - User Profile Detail Comparison Report Between 2 Periods
Ad Hoc Queries
Axis provides reporting templates to generate ad hoc queries at a Role, User, Profile, Authorization Object level.
The sample report below reports all users with supporting details of all Users who Have been assigned Profiles or Roles with wildcard S_TCODE authorization object values.
Sample Report - Users who Have Been Assigned Wildcard S_TCODE Authorization Object values
The sample report below is an ad hoc query on Profiles which contain the authorization objects required for Posting a Document. A summary Report and detailed tree structure Profile report is generated along with the parameters used to generate the report.
Sample Report - Profiles that contain Authorization Object values to Post a Document
Axis has a large number of other reports which can help you in managing risks in your SAP implementation. If you have any query on the functionality, any specific feature, availability of a specific report or require further information on the product please contact us at info@axxiominfo.com .
[Last Updated : 31 August 2007]
|
