cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can not find role for some transection code

Go to solution
Former Member

on ‎07-28-2009 9:17 AM

0 Kudos

Dear Gurus,

EWA alert with security issue.

Many user grant access some t-code etc. SE16,SM59,SE17,SE16 and I found users at SUIM t-code can access.

But , when I find role for t-code that I should remove.

Not found,

Please advise.

Thank .

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-28-2009 9:26 AM
0 Kudos 
Many user grant access some t-code etc. SE16,SM59,SE17,SE16 and I found users at SUIM t-code can access. 

But , when I find role for t-code that I should remove.

Check what profiles are attached to these users via SU01. May be SAP_ALL or SAP_NEW is attached.

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎07-28-2009 9:59 AM
0 Kudos

Hi,

can you please try this

SUIM > Roles by complex criteria or RSUSR070 to find out this.

Go to the Selection by Authorization Value.

In Object 1 put S_TCODE and hit enter.

And put SU01 in Transaction code and hit execute (clock with check) button.

I use authorization object, as you can use this to test any object.

You can also get this information directly from table, if you have access to SE16 or SE16N. Execute SE16N

Table AGR_1251

Object S_TCODE

VALUE (low) SU01

Regards,

Srinu

Show replies
Show replies
Former Member
‎07-28-2009 12:40 PM
0 Kudos

Thank , Srinivas Nuthi

I found composit role "Y1:FI_ACCMGR_11" that contain t-code SE16

and test remove from user, cannot access t-code SE16. that OK.

One question.

Can I check and remove t-code SE16 from role "Y1:FI_ACCMGR_11" ?

Edited by: Witoon Dachapitak on Jul 28, 2009 1:41 PM

JPReyes
Active Contributor
‎07-28-2009 12:53 PM
0 Kudos

You need to think on the consequences of removing the transaction from that role will have to the rest of the users that have that role assigned.

If you want to remove se16 for everyone using the role then is fine.

BTW, If the role contain transactions and objects its not a composite role... a composite role is an group of roles.

Regards

Juan

Former Member
‎07-28-2009 2:41 PM
0 Kudos

Hi, Juan Reyes,

I found object that grant t-code SE16 contain role "Z1:FIGL_DOC_PST_1" and in Composit role "Y1:FI_ACCMGR_11"

Thank you very much for all comment.

Helpful,

JPReyes
Active Contributor
‎07-28-2009 2:45 PM
0 Kudos

Then you need to do the changes on Z1:FIGL_DOC_PST_1

Regards

Juan

Former Member
‎07-28-2009 9:26 AM
0 Kudos

Dear Witoon Dachapitak,

Can you tell us how yu are searching for roles of t-codes. As you alreay said that you have got the user ids from SUIM then go to SU01 and give that particular user name and check under roles tab. Under roles tab open the role and check for the Tcodes

Also using SUIM you can find the same easily.....by using Roles by Complex selection crieteria

Regards,

Sharath

Show replies
Show replies
Former Member
‎07-28-2009 9:42 AM
0 Kudos

Hi, Babu

I use Role by Transection Assignment,

And I saw more then 100 roles assign for user at SU01.

Ask a Question