02-17-2010 4:49 PM
We are using CUA and when I use SU01 to copy a user to a new user name, is there a table I can look at to see what Query Groups their old ID existed in? I need to assign the new ID to these query groups and there are many where it could exist.
I have looked at this table AQGDBBN but it is empty.
Thanks,
Mary
02-17-2010 5:44 PM
And what will you do to that table if I tell you its name?
I suggest reading the SAP Note mentioned by Bernhard Hochreiter in this thread to understand the background -->
Why are you renaming users? You should not do this (or delete them...) in an ad hoc manner as standard procedure of any sort.
Even giving A the same access as B causes endless problems...
Cheers,
Julius
02-17-2010 5:52 PM
The reason for copying or renaming a user is because their name has changed and our security process requires us to change their userid. The problem we have is their query access no longer works and they are business users who are unaware what groups the queries they execute exist in. We usually create the new ID and then delete their old user ID. The reason for looking at the table is to see what user groups their old ID existed in, in order for me to add their new ID to those same groups and remove the old ID. I hope I explained this better.
Mary
Edited by: Mary Gee on Feb 17, 2010 6:53 PM
02-17-2010 5:57 PM
Would it be acceptable to change the LastName in the address data?
Queries will not be the only area which this re-naming will impact...
Cheers,
Julius
02-17-2010 6:07 PM
I wish it were that easy, but we are required for auditing reasons and the user id is also changed in our AD. We have a portal and x509 tickets which also are updated with the new id. We use an SAP program to copy users favorites and parameters to the new userid master record. It has been the policy since I have been here. The company I came from has the same policy. I read the thread you referred me to and I understand what you are saying.
Thanks,
Mary
02-17-2010 6:29 PM
Which release are you on and do you have any plans in place to replace the CUA with an IdM yet at a foreseeable date?
If no, then you will need to "doctor" the tables.
I only ask because this is an "audit requirement" of yours and some auditors recommend a lot of nonsense, but you also mention a SSO impact.
Cheers,
Julius
02-17-2010 6:42 PM
We are using a solution manager client for CUA which is BASIS 701 and have an ECC60 system. We also have a Federated Portal connected just to PLM at this time and this is where the AD for SSO and X509 for workflow is being used. We have budgeted hardware for IdM for this year, but not sure at the moment when we will start.
The SQ03 is in our ECC60 system.
Thanks,
Mary
02-17-2010 9:18 PM
Okay, I understand.
Is the query ID in a report tree or menu or BEx Analyzer or started directly via SQ03 in the backend system?
Cheers,
Julius
02-17-2010 9:25 PM
It is started directly with SQ01 in the backend system which is ECC60.
Mary
04-15-2010 7:11 AM
We have a similar need as our regular audit process of determining which users have access to which SAP Query 'User Groups' is time consuming and cumbersome.
If we knew the table that holds which usernames have access to which user groups and whether they are flagged as having the change/create authorisation setting or not, we could then create a query or ABAP report that easily provides that information.
If anybody knows that table name then we would be most appreciative of the information.
Thanks, Ken
06-25-2010 4:26 PM
I did not find the table but found in ECC6 if you go into SQ03 and select environment from the pull down menu, directories, Users/usergroups you can key in a userid and it will show you what query groups the userid is assigned to and if they have change access. Not sure if this is available in lower releases of SAP.
06-28-2010 12:15 AM
Thanks Mary for that information ... I too had found and used that but ultimately it still does not give me the information required.
Thanks anyway.
Regards, Ken