02-16-2009 7:33 AM
Dear All,
I have created the single role with every user by his name . When I am searching the user name who have me21n transection authoriazation with suim tranasection . The ME21N authorization is shown in 4 users but when I am searching this transection in users role it is not showing there .
Why it showing in suim ?
What is the best way to search about user authorization and remove it ?
What is diff between role and profile ?
what is single role and composite role ?
Thanks
02-16-2009 7:44 AM
Why it showing in suim ?
It maybe becuase it is getting the authorization from a composite role.
What is the best way to search about user authorization and remove it ?
What you are using currently is good.
What is diff between role and profile ?
A role contains a profile. A profile contains the relevant authorization object attached with a transaction.
A role on the other hand contains only the transactions.
what is single role and composite role ?
A Composite 2 or more single roles. A composite role dosent have a profile.
02-16-2009 8:01 AM
> When I am searching the user name who have me21n transection authoriazation with suim tranasection . The ME21N authorization is shown in 4 users but when I am searching this transection in users role it is not showing there .
>
> Why it showing in suim ?
Some reports in SUIM may show different results. The reports concerning transaction assignments for roles or users can look in different tables, either the 'real' authorizations or the role menu contents. This may lead to your confusing results.
To be on the safe side I always advise to search for authorization values, object S_TCODE.
02-17-2009 2:57 AM
Go to Roles by complex selection criteria in SUIM.
In the Selection according to user assignments -> Give the user for whom you want to find the role with ME21N t-code access
In the Selection according to authorization values -> Object 1 -> Put S_TCODE -> Hit Enter or click on Entry values -> Put Me21N as the Transaction code value.
The report will give you the role from where your user is getting ME21N. You can take corrective action from there on.
possibly ME21N has been manually added with manual addition of S_TCODE auth object and hence it is not showing when you execute it by putting the t-code in transaction code field.
As Jurjen already pointed out it is always better to find roles for a t-code by putting S_tcode and the t-code in Selection according to Authorization values area
Edited by: Nishant Sourabh on Feb 17, 2009 3:58 AM
03-13-2009 12:08 AM
Hi
Why it showing in suim ?
The SUIM will search the data according to our search crieteria from different tables so the result may be different. In your case the reasons may be
1. The tcode ME21N is added by manually added to the object S_TCODE.
2. In older SAP versions like 4.6C and below SUIM will fetch the data based on single crieteria only instead of multiple.
3. May be the roles are not in sync with user data in the buffer. So we have to make manual user comaprison for each role.
The best way is to search the values from object level.
Cheers..
03-15-2009 5:47 PM
03-13-2009 6:18 AM
<copy&paste_from_saphelp_removed_by_moderator>
Edited by: Julius Bussche on Mar 13, 2009 7:31 AM
03-16-2009 8:27 AM
hi,
Since you are saying that you have identified 4 users who had this access, I would suggest you to use SU56 and run this for these 4 users and here you can find through which role they are getting this access.
For best results if you have ECC then you can run SU56 with S_tode object and then with CTRL+F search for this ME21N tcode and you will be taken to the role which is giving this access.
Hope this helps you. All the best.
Regards,