Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUIM Change Logs

Former Member

‎04-30-2009 7:55 AM

0 Kudos

Hi Gurus,

We have some users who have been all of a sudden complaining of missing access. the change logs shows that a profile has been deleted. however, there is no corresponding role name shown in " Text for old value".

i checked in the table agr_prof to see the role name corresponding to the deleted profile but its shows nothing.

Can anybody provide some inputs on this?

Just to add....we are in the middle of an upgrade and the roles were updated by us based on the results from su25

Thanks,

Vinaya

8 REPLIES 8

former_member187565
Active Contributor

‎04-30-2009 8:32 AM

0 Kudos

Hi,

In SUIM check the change document option.Give the user name and check the logs of each user

Former Member
In response to former_member187565

‎04-30-2009 6:52 PM

0 Kudos

Hi,

Check in SU01 ....information--> change by role

Here you will get the exact information.

Please let me know is there any problem to check the above.

BR,

Bikshamaiah.G

jurjen_heeck
Active Contributor

‎04-30-2009 8:41 AM

0 Kudos

> the change logs shows that a profile has been deleted. however, there is no corresponding role name shown in " Text for old value".

Sounds like someone ran PFCG_TIME_DEPENDENCY or hit some buttons in transaction PFUD. That would cause all profiles without roles (direct assignments) and profiles for roles with out-of-date assignments to be removed from the user masters.

I'd suggest you to build roles based on these profiles so you can re-assign them via the roles and prevent this from happening in the future.

Former Member

‎04-30-2009 9:13 AM

0 Kudos

Hi,

There could be another possibility that some one could have changed roles assigned to the user. A big role can have more than one profile, deleting some entries from it could have deleted this profile. Check all the roles assigned to user and last changed by date under authorizations tab. You can also find change documents to roles in SUIM--> Change documents --> roles --> authorization data

Regards,

Gowrinadh

Former Member

‎04-30-2009 1:54 PM

0 Kudos

Hi

Security audit log(sm20) is also used to record security related changes to the SAP system environment. You may use it to see changes to user master record.

Ravi

Former Member

‎05-01-2009 11:38 PM

0 Kudos

Hi,

Your are able to find the profile which was deleted... right.

Now you want to find the corresponding role for that profile. if my understanding is right..

go to SUIM >>>> roles >>> by profile asignment >>> give the profile valsue you will get the conserned role name.

Pleas let me know if you need any furtherinformation.

Thanks,

Phani.

Former Member

‎05-02-2009 3:27 PM

0 Kudos

We came accross the same scenario during upgrade.There is a possibility of the profiles being over written or should I say just renamed. This happens especially when you download/upload the roles and regenerate the profiles and if you are using the default profile names. The profile generated will pick the next available profile name and ofcourse the role name stays the same. When you move this to production, since the role now has a different profile name, all the users with the assignment of role with old profile name will loose the access when the daily batch job for usercomparision/PFUD runs.

Former Member

‎05-02-2009 3:31 PM

0 Kudos

One more point.

If you are maintaining dual environment for upgrade , you can look for the role associated with the profile name that is missing from the user in the secondary environment. Once you find the role name, you can assign the role to the user in the primary environment.

Good Luck!