Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Audit tool which generates Users, Roles, Auth objects, and Values

Go to solution
Former Member

‎11-18-2009 9:22 AM

0 Kudos

Hi,

I have a list regarding authorization provided by auditors.

Here I want to know how the auditors generated the list.

Do you know the transaction code or the program ID.....?

Probably the data in the list was extracted from our system, and some data were manually processed or added.

Hard to write down but fields and examples appear in the list;

-FIELDS-

User

Group

Full Name

Rule

Side

Operator

Role

Authorization

Attribute

Attribute Value

Associated Role

Associated Authorization

Associated Attribute

Associated Attribute Value

-EXAMPLES-

testuser01

group001

user01 test

Create Maintain Sales Order vs Create Maintain Customer Master Records

LHS

Any

Z_ROLETEST_001

Authorization=T-D524126500, Object=S_TCODE

TCD

FB01

Z_ROLETEST_002

Authorization=T-D524126600, Object=F_BKPF_BUK

ACTVT

1

Thank you in advance.

/Y.Shirako

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎11-18-2009 10:14 AM

0 Kudos

Your auditors will have their own tool which extracts the data that they want.

Typical ways they use it are:

Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.

Tool extracts data via RFC calls into your system that is then processed externally.

Why don't you ask your auditors? Usually in their report is an explanation of how the data was gathered.

5 REPLIES 5

Go to solution
Former Member

‎11-18-2009 10:14 AM

0 Kudos

Your auditors will have their own tool which extracts the data that they want.

Typical ways they use it are:

Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.

Tool extracts data via RFC calls into your system that is then processed externally.

Why don't you ask your auditors? Usually in their report is an explanation of how the data was gathered.

Go to solution
Former Member
In response to Former Member

‎11-18-2009 11:03 AM

0 Kudos

Hi,

In an ABAP system, you can view most of these things with transaction SUIM, which is the User Information System.

Kind regards,

Dagwin

Go to solution
Former Member
In response to Former Member

‎11-18-2009 12:57 PM

0 Kudos

tables where thie info is stored in are AGR* USR* and UST* look at these tables and find your info, you probably have to put them in a database to bring it all together

Edited by: Auke Visser on Nov 18, 2009 1:57 PM

Go to solution
Former Member
In response to Former Member

‎11-18-2009 7:39 PM

0 Kudos

> Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.

> Tool extracts data via RFC calls into your system that is then processed externally.

Yes, the interfaces of those tools are often a hazard in themselves...

I typically recommend customers to delete them completely. Sometimes this comment also exists in the code itself, but who reads code now-a-days in GRC projects, and why should they have to? ;-(

This looks very much like one of those tools (where the SQL statements are built externally).

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎11-19-2009 12:40 AM

0 Kudos

> 

> Yes, the interfaces of those tools are often a hazard in themselves...

A conversation I had today leads me to believe that the main culprit of this method has now phased it out with the latest release of their tool...