Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting SUIM to one of of the user

Former Member

‎06-21-2010 7:52 AM

0 Kudos

Hi,

We have created a role having all auth other basis in test system. user able to view SUIM reports. we checked auth objects from SU21 and SU24 and removed from his role. still he is able to execute the SUIM tcode.

Pls suggest

8 REPLIES 8

Former Member

‎06-21-2010 8:13 AM

0 Kudos

Hi,

Check in profiles is SAP_ALL and SAP_NEW is assigned and remove them. Also, please elaborate what all Tcodes you have added in the role and do you want to restrict the user not to use SUIM tcode or only some reports of SUIM. If it is first case then remove the tcode SUIM from the role.

Kindly explain your requirement in detail so that we can help you in solving the issue.

Regards,

Sharath

Bernhard_SAP
Employee
Employee

‎06-21-2010 8:41 AM

0 Kudos

Hello,

check, if the user has authorization for ranges or wildcards within values, like S, or A-Z* etc.

b.rgds, Bernhard

Former Member

‎06-21-2010 9:07 AM

0 Kudos

hey james

check for this authorization object 'S_RZL_ADM' in your role. try to deactivate this object. I presume that you have created this role with sap_all profile. if yes, then you need to look in to all the basis authorijation objects and deactivate them.

also in pfcg enter your role then on 'menu' tab select find option on right-hand side(binoculars image) and enter suim. This will give you the tree location to reach to suim. follow the link and delete it manually.

regards,

Former Member

‎06-21-2010 12:48 PM

0 Kudos

Hello,

Also note that SUIM authorization is also passed through authority object S_TCODE with value S_BCE*.

Check that any user should not have such authorization.

Thanks/Regards,

Charu

Former Member
In response to Former Member

‎06-22-2010 5:03 AM

0 Kudos

Hi

We have created a role from SAP Standard Menu and selected all other than Tools. In that the user is getting SUIM. We restricted the auth obj which were in SU24 for SUIM.

But still user executing the SUIM

mvoros
Active Contributor
In response to Former Member

‎06-22-2010 5:30 AM

0 Kudos

Hi,

you can run trace ST01 for SUIM to get all objects which are checked. After that you can use SUIM to get which roles have these objects. Or just check if these objects are in your custom role.

Cheers

Former Member

‎11-04-2010 1:21 AM

0 Kudos

thanks

Former Member

‎11-04-2010 8:04 PM

0 Kudos

Hi

If you've given the user all the access from the menu except some then SUIM isn't really an issue for DEV (IMOO). The information it provides will report on the roles, users, tcodes, objects, etc which the rest of the access far outweighs. Ther are many reports in the SUIM menu which run independantly of SUIM - maybe you might want to remove those as already proposed earlier but what is the driver for doing all this?

It's never easy in DEV - given the 'what's the problem with me having full access?'

The ST01 option is good but not always practical - try to get a proper spec of what the user needs or, even, give them what you have built and then watch the used tcodes over a few weeks, they probably only ever use less than 30 tcodes in all. Tcodes are power :=)

Then cut them down to size...

Cheers

David