12-21-2009 1:47 PM
Hi,
is there a way to find out by what means a user received a certain authorization.
Example: I know a user has certain authorization lets say S_DEVELOP with specific values. How can find out, by what role or profile assignment the user received this authorization?
Thanks
Torsten
12-21-2009 2:29 PM
Hi,
Goto SUIM :> Roles :> Roles by complex selection Criteria
Enter the userid and below enter the authorization object and click on enter values .
Enter the required values and then execute.
You will get the list of roles having object S_DEVELOP , that are assigned to user.
Regards,
Rajesh
12-21-2009 1:56 PM
Explore transaction SU56. That shows the user buffer for any user (provide you have sufficient authorizations) and can be filtered on any object.
12-21-2009 2:29 PM
Hi,
Goto SUIM :> Roles :> Roles by complex selection Criteria
Enter the userid and below enter the authorization object and click on enter values .
Enter the required values and then execute.
You will get the list of roles having object S_DEVELOP , that are assigned to user.
Regards,
Rajesh
12-21-2009 3:39 PM
Ok, but an authorization object can also be assigned by a profile - the profile originated authorization objects will not show up ...
Any other idea to preceed
Thanks
Torsten
12-21-2009 5:40 PM
> Any other idea to preceed
SU56 will show both profiles directly assigned and profiles assigned through roles.
12-22-2009 1:48 PM
Torsten,
You can do a quick trace with tx ST01, by checking only Authorization check.
To know how a transaction is reading the authorizations from a user, open the coresponding transaction with tx SE38 and put a breakpoint to the AUTHORITY-CHECK command. Another way is executing GET_AUTH_VALUES function module from tx SE37, selecting corresponding data, then read the values (AUTH column).
Kind regards
12-22-2009 1:59 PM
> You can do a quick trace with tx ST01, by checking only Authorization check.
This will not return the information OP wants. He wants to see through which role or profile a user got a certain authorization. ST01 will only show executed authorization checks without any link to the corresponding profile.