- SAP Community
- Products and Technology
- Additional Q&A
- How to check role and authorization
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How to check role and authorization
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 05-02-2010 5:11 AM
Hi,
I have following questions and really hope you can help me.
1.Whether there are transactions or reports in SAP which will display all changes that has been done in User roles and authorisations assignments. For example, from the beginning the user had a limited authorisation, when it was changed to greater one? The same issue for the roles, assuming there were changes in role.
2.How can I test, whether the user has got a proper authorisation and can execute only the transactions he is supposed to do?
Thank you in advance
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
For missimg authorization you can run transaction su53 for the user, with this u can get the authorization that was missing to perform the task by user.
Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Use transaction SUIM to display all change documents for the user. This will show you which roles were added and deleted, when, and by whom.
SUIM also has the option of showing all transactions executable by a given user.
Steve.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
SUIM and SU53 are read-only transactions. They don't allow you to change anything. If you need this information to do your job then you should be given access to SUIM. It is by far the easiest way of getting the information you are looking for. If you can see which roles a user has (SU01D) and can look inside those roles (PFCG), then you can build the same list but it is harder work. I can think of no reason you shouldn't have access to SUIM if security administration is part of your job.
Steve.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- SAP S/4HANA Cloud Public Edition: Security Configuration APIs in Enterprise Resource Planning Blogs by SAP
- Convert multiple xml's into single Xlsx(MS Excel) using groovy script in Technology Blogs by Members
- Account Balance Validation in SAP S/4HANA Cloud, Public Edition in Enterprise Resource Planning Blogs by SAP
- Country Compliance - Configure overrides for US WTPA Form fields in Human Capital Management Blogs by SAP
- SAP S/4HANA Cloud, public edition, ABAP Environment Case 8: Material Shelf Life Management in Enterprise Resource Planning Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.