on 05-02-2010 5:11 AM
Hi,
I have following questions and really hope you can help me.
1.Whether there are transactions or reports in SAP which will display all changes that has been done in User roles and authorisations assignments. For example, from the beginning the user had a limited authorisation, when it was changed to greater one? The same issue for the roles, assuming there were changes in role.
2.How can I test, whether the user has got a proper authorisation and can execute only the transactions he is supposed to do?
Thank you in advance
Hi,
For missimg authorization you can run transaction su53 for the user, with this u can get the authorization that was missing to perform the task by user.
Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Use transaction SUIM to display all change documents for the user. This will show you which roles were added and deleted, when, and by whom.
SUIM also has the option of showing all transactions executable by a given user.
Steve.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SUIM and SU53 are read-only transactions. They don't allow you to change anything. If you need this information to do your job then you should be given access to SUIM. It is by far the easiest way of getting the information you are looking for. If you can see which roles a user has (SU01D) and can look inside those roles (PFCG), then you can build the same list but it is harder work. I can think of no reason you shouldn't have access to SUIM if security administration is part of your job.
Steve.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.