on 02-17-2006 7:16 PM
Hello community,
What is the best way to determine which users (and which job roles) have the ability to create and maintain user master records ?
I have found a number of authorization objects, for example :
S_USER_GRP
S_USER_PRO
S_USER_AGR
S_USER_AUT
S_USER_TCD
S_USER_VAL
However, I wonder if there is not an easer way to gather this information ? For example, is there not a single report that could be run which will tell you the users / job roles authorized to maintain user master records in your system ?
Thanks!
Keith
Did you try Transaction SUIM ?
Thanks
Prince
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes,
I am using SUIM very heavily. But still it is quite complex because there are a number of authorization objects, and a number of possible values for each object.
And you must search for users, and for roles.
I'm wondering if there isn't an easier way to go about collecting this information ?
And if SUIM is the answer, then which approach to SUIM should one take to most quickly find the answer ?
Thanks!
Yes, I am in the process of doing just that. However, it is very manual.
For example, I have been repeating the steps you mention above for each value of each authorization object.
I had hoped that instead there would be a SOX related transaction or program that would give a formatted report without forcing you to look at each authorization object / value by hand.
Hi Keith,
You can run SUIM=>User=>Users by complex selection criteria specifying S_USER_AUT in the "Selection by values" selection option and 01, 02, 06, 07 as values for Activity. An output should give you an idea which users are allowed to update master user records. For more accurate result you should check whether these users have auth. to run SU01, SU10, SE38.
SU24 can also be helpful in some cases.
Regards,
Mike
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.