Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Different results in SUIM

Go to solution
Former Member

‎05-11-2010 1:24 PM

0 Kudos

Hi,

I really wonder how the transaction SUIM behave. I need to know the roles that can execute a particular transaction.

For example, when I search for a transaction through Roles -> By Transaction Assignment I get 2 hits and they are correct, but if the transaction is added manually to the object S_TCODE I don't get those roles. (I know this isn't the way to build roles in best way, but I'm not the one who built the roles)

When I'm searching through Roles -> By Authorization Values, object S_TCODE and the same transaction code, I get more hits than 2. Why?? For some roles the transaction isn't neither in the menu or in the object S_TCODE, why am I getting those roles in the result??

What should I believe in?

I start wonder if START_REPORT have something to do with this? Or the package which is connected to the transaction?

Has someone any input?

/Anna

Edited by: Anna Rosenklint on May 11, 2010 2:25 PM

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎05-11-2010 1:30 PM

0 Kudos

Transactions added in Menu are reflected in object S_TCODE. However, administrators can also go and add transactions directly in S_TCODE.

The results shown when you execute with option S_TCODE are the roles which can provide access to user. There are many bugs reported in SUIM and SAP has delivered notes as well like 171805 .

Please search in service market place. Also post the basis version you are in. Moderators can find best note for you.

Regards,

Gowrinadh

Edited by: Gowrinadh Challagundla on May 11, 2010 2:32 PM

11 REPLIES 11

Go to solution
Former Member

‎05-11-2010 1:30 PM

0 Kudos

Transactions added in Menu are reflected in object S_TCODE. However, administrators can also go and add transactions directly in S_TCODE.

The results shown when you execute with option S_TCODE are the roles which can provide access to user. There are many bugs reported in SUIM and SAP has delivered notes as well like 171805 .

Please search in service market place. Also post the basis version you are in. Moderators can find best note for you.

Regards,

Gowrinadh

Edited by: Gowrinadh Challagundla on May 11, 2010 2:32 PM

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎05-11-2010 1:41 PM

0 Kudos

> Transactions added in Menu are reflected in object S_TCODE. However, administrators can also go and add transactions directly in S_TCODE.

Besides that, some transactions bring along S_TCODE proposals for other transactions when added to a role menu.

The main difference between the two search methods is that the transaction assignment one only looks in the role menu whereas the object approach gives you the real authorizations. Best use the latter one.

Jurjen

Go to solution
Bernhard_SAP
Advisor
Advisor
In response to Former Member

‎05-11-2010 1:49 PM

0 Kudos

and besides that don't forget the possibility of using intervals in object S_TCODE.....

Go to solution
Former Member
In response to Former Member

‎05-11-2010 1:56 PM

0 Kudos

Explanation:

I search for example for S_ALR_87012357 and when I'm searching through Roles -> By Authorization Values S_TCODE I get roles where the transaction doesn't exist. Neither in the menu or in the object S_TCODE. Why am I getting those roles in the search list?

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎05-11-2010 2:42 PM

0 Kudos

> Neither in the menu or in the object S_TCODE. Why am I getting those roles in the search list?

Are you sure there are no ranges or wildcarded entries like S_ALR* in the S_TCODE object?

Go to solution
Former Member
In response to Former Member

‎05-11-2010 2:43 PM

0 Kudos

I have found below notes which may be applicable for you.

Note 1227083 - SUIM| Search criteria authorization object/transaction code

Note 752356 - SUIM|RSUSR070: Selection by transactions in the role menu

Note 1335564 - SUIM| Searching for authorization values w/ conversion exit

Note 1393940 - SUIM| Incorrect results when searching for profile and roles

Go to solution
Former Member
In response to Former Member

‎05-11-2010 2:44 PM

0 Kudos 
Are you sure there are no ranges or wildcarded entries like S_ALR* in the S_TCODE object?

Yes I am, it is only a few transaction codes.

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎05-11-2010 3:37 PM

0 Kudos

Can you post a selection from AGR_TCODES and AGR_1251 filtered for S_TCODE for the relevant role(s) here?

Besides that, are the profiles porperly generated, ie everything green in PFCG?

Go to solution
Former Member
In response to Former Member

‎05-11-2010 3:47 PM

0 Kudos

Yes, the profiles are porperly generated, everything is green in PFCG.

The transaction I search for S_ALR_87012357

In AGR_1251

AGR_NAME OBJECT AUTH FIELD LOW HIGH

Z0:FI_03_D S_TCODE T-D186008300 TCD AS03

Z0:FI_03_D S_TCODE T-D186008300 TCD AS23

Z0:FI_03_D S_TCODE T-D186008300 TCD AW01N

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87010125

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011963

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011979

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011981

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011990

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012004

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012028

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012037

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012039

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012041

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012050

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012052

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012066

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012075

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012936

Z0:FI_03_D S_TCODE T-D186008300 TCD S_P99_41000192

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011994

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87012048

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011969

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011968

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011967

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011966

Z0:FI_03_D S_TCODE T-D186008300 TCD S_ALR_87011964

Z0:FI_03_D S_TCODE T-D186008300 TCD AS93

In AGR_TCODES

AGR_NAME TYPE TCODE DIRECT

Z0:FI_03_D TR AS03 X

Z0:FI_03_D TR AS23 X

Z0:FI_03_D TR AS93 X

Z0:FI_03_D TR AW01N X

Z0:FI_03_D TR S_ALR_87010125 X

Z0:FI_03_D TR S_ALR_87011963 X

Z0:FI_03_D TR S_ALR_87011964 X

Z0:FI_03_D TR S_ALR_87011966 X

Z0:FI_03_D TR S_ALR_87011967 X

Z0:FI_03_D TR S_ALR_87011968 X

Z0:FI_03_D TR S_ALR_87011969 X

Z0:FI_03_D TR S_ALR_87011979 X

Z0:FI_03_D TR S_ALR_87011981 X

Z0:FI_03_D TR S_ALR_87011990 X

Z0:FI_03_D TR S_ALR_87011994 X

Z0:FI_03_D TR S_ALR_87012004 X

Z0:FI_03_D TR S_ALR_87012028 X

Z0:FI_03_D TR S_ALR_87012037 X

Z0:FI_03_D TR S_ALR_87012039 X

Z0:FI_03_D TR S_ALR_87012041 X

Z0:FI_03_D TR S_ALR_87012048 X

Z0:FI_03_D TR S_ALR_87012050 X

Z0:FI_03_D TR S_ALR_87012052 X

Z0:FI_03_D TR S_ALR_87012066 X

Z0:FI_03_D TR S_ALR_87012075 X

Z0:FI_03_D TR S_ALR_87012936 X

Z0:FI_03_D TR S_P99_41000192 X

Go to solution
Bernhard_SAP
Advisor
Advisor
In response to Former Member

‎05-12-2010 10:23 AM

0 Kudos

ok, then you need the corrections of note 1273992

( https://service.sap.com/sap/support/notes/1273992 )

This will solve your problem.

b.rgds, Bernhard

Go to solution
Former Member
In response to Former Member

‎05-12-2010 11:29 AM

0 Kudos 
ok, then you need the corrections of note 1273992

Thank you very much, it works now!