Solved: SOX related issue

Former Member · ‎06-26-2009

Hi,

As per the SOx task we are getting users as per the the bleow:

Run ABAP RSUSR002

Transaction Code: SE16

Authorization Object:

1) S_TABU_DIS and values 02

2) S_DEVELOP with value 01 02 06 07.

I got users list,

when I search roles by users (from the list which ever i got) with the

above authorization but I not getting any roles.

Can you please suggest em to go a head.

If they have access with any profile then how can we trace the profile from SUIM.

sdipanjan · ‎06-26-2009

Go to SUIM..

Users by complex selection criteria..

put user name and execute..

in the next screen.. click on "Display Details" screen (left most button in the application toobar)...

click on "Selectively Expand Subtree"

in the Authorization Object field .. use the multiple selection option to put S_TCODE and S_TABU_DIS

Download the full list as spreadsheet... open with excel and search and mark for your desired values in the sheet.

I hope you will find this simple and easy way..

Regards,

Dipanjan

sdipanjan · ‎06-26-2009

Go to SUIM..

Users by complex selection criteria..

put user name and execute..

in the next screen.. click on "Display Details" screen (left most button in the application toobar)...

click on "Selectively Expand Subtree"

in the Authorization Object field .. use the multiple selection option to put S_TCODE and S_TABU_DIS

Download the full list as spreadsheet... open with excel and search and mark for your desired values in the sheet.

I hope you will find this simple and easy way..

Regards,

Dipanjan

Former Member · ‎06-29-2009

Hi Dipanjan

Thanks for your reply, As per your reply I got the list and I couldn't find the role and profile for the user.

Please let me know is there any other way to find the role or profile.

Former Member · ‎06-26-2009

> when I search roles by users (from the list which ever i got) with the

> above authorization but I not getting any roles.

Then it's coming from a profile...

Former Member · ‎06-29-2009

Hi Pravin

Please use the following path

For roles

suim - > roles - > By User Assignment

For Profiles

Suim->user-> user by complex selection crteria->by profiles

hope this is useful

thanks

Shitika

Bernhard_SAP · ‎06-29-2009

Hi Pravin,

make sure, your system has already the corrections of following SAP notes:

918629

961294

1273992

What you could check in addition is, if the users got the authorizations through a reference user assignement.

b.rgds, Bernhard

Former Member · ‎07-07-2009

Hello pravin,

I suggest you to find the roles/profiles like that:

Run ABAP RSUSR002 :

fill the data like that: object 1- s_tcode-value-se16

object 2 - s_tabu_dis activity 02

object 3 - s-develop activity 01 or 02 or 06 or 07

then you will get a role list where this sox problem exit.

double-click on user assignment will show you the users with this sox problem.

good luck.

best regards,

Haim Brauner

Former Member · ‎07-07-2009

This is not necessarily critical, without knowing the other field names. But it is suspect.

S_TABU_DIS and S_DEVELOP are meant for development systems, but sometimes such roles find their way into production systems and might even be assigned.

It is suspect - but still dependent on the other fields of these objects (the table group, and the object name / package) so it might be isolated, possibly also incorrect repository settings during development (and subsequent "real life").

Cheers,

Julius