Solved: How to list roles with critical authorizations

Former Member · ‎09-01-2009

Hi all,

I know that by using RSUSR008_009_NEW , I can list the users with critical authorizations. I wonder if there exists such a report to list the roles with critical authorizations?

I mean the report shouldn't check if a role is assigned to a user or not.

Thanks in advance,

MERAL

Bernhard_SAP · ‎09-01-2009

Hi,

I do not think that such a report will make too much sense.

Normally the combination of several roles assigned to a user will lead to 'critical' authorizations. I assume, that the role admins know their 'critical' roles and use them carefully. The bigger danger is the unwanted assignement of critical authorizations as per the a.m. combination of several roles assigned.

b.rgds, Bernhard

Former Member · ‎09-01-2009

Not to my knowledge, except using variants in combination with RSUSR070.

Cheers,

Julius

Bernhard_SAP · ‎09-01-2009

Hi,

I do not think that such a report will make too much sense.

Normally the combination of several roles assigned to a user will lead to 'critical' authorizations. I assume, that the role admins know their 'critical' roles and use them carefully. The bigger danger is the unwanted assignement of critical authorizations as per the a.m. combination of several roles assigned.

b.rgds, Bernhard

Former Member · ‎09-01-2009

I need such a report to clean the roles in our system because later they can be assigned to a user.

Also, when a role is wanted to be assigned to a user - via a program developed by us - , if the role has critical authorizations , we want the program to inform the assigner . I wondered if there exists already developed report or function that I can use..

Former Member · ‎09-01-2009

Hi,

Have you tried via SUIM.

If you identified all the critical authorizations, then you can pull it from SUIM.

Goto SUIM-> roles -> by authorization object. Is it the requirement?

Sorry if it doesnt fulfill your requirement.

Regards,

Raja. G

Former Member · ‎09-01-2009

This message was moderated.

Former Member · ‎09-01-2009

Hello,

Agrred to Julius, go for RSUSR70>> roles by comlex selection criterai,and also SUIM both are same.

Since you must be aware of crtical authorization, i would be easy to narrow day your search..

Cheers,

Prasant K Paichha

Former Member · ‎09-01-2009

Thanks for your answers . I know "Roles by complex Selection Criteria" report but as I know, it is very limited from the side of possible enterable authorization count. Also we have so many authorization combinations and systems to check and I don't want to enter the selection criteria for every system. Maybe creating variants to this report can be a solution but still limited authorization criteria is a big problem for me. Also maintenance of variants is difficult. I want to keep all the combinations in a table as "Users with Critical Authorizations" table.

sdipanjan · ‎09-01-2009

The report (RSUSR080_090_NEW) you mentioned can help you most out of all options discussed here. The main task is to find out and then document them in the table USKRI (USKRIA) y using the TCodes SU96 and SU98. Then you define your own query to pull out the Users (and assigned roles) by using the report mentioned by you.

Regards,

Dipanjan

Former Member · ‎09-02-2009

Where I can see a use for this is to check a single role's build for critical auths (with more than 3 objects and AND/OR operators) as well as SOD conflicts within the role.

If a role is built with an SOD conflict, then the assignments to the users does not matter anymore...

So it would be usefull for auditing the concept, although as Berhard has already indicated - most mistakes are made with lots of small roles packed into composites and then assigned to the users to cause the conflicts.

Cheers,

Julius