Solved: Wrong result in SUIM ( bug ? )

Former Member · ‎07-15-2010

Dear experts,

I find something strange in SUIM report.

I created a role, assigned values, when i searched using SUIM to check the result, the result is not expected.

Below is the steps:

1) Create a role, named 'ztest', assign t-code va01 in menu tab, and then choose 'change authorization data' in authorization tab.

2) Configure the authorization field value in authorization object 'v_vbak_vko' as below:

V_VBAK_VKO:

ACTVT 01

SPART *

VKORG 1000

VTWEG *

3) Save and generate profile.

4) Using SUIM to check the result, Roles -> Roles by Complex Selection Criteria,

Enter the role name in 'Standard selection -> role',

Enter the authorization object 'v_vbak_vko' in 'Selection according to authorization values -> Object 1',

Click 'Entry values', enter '1000' in Sales Organization' & '02' in Activity, 'Distribution Channel' & 'Division' left blank.

5) I have tested this senario in R/3 enterprise, the role 'ztest' will not shown, but now this senario in ECC6, the role 'ztest' is shown.

I can not believe it. is it changed in ECC6, or it is a bug in our system?

My system 'SAP_BASIS' release is 700, the support package level is 0009.

Look forward your kindly help, thank you in advanced.

Best Regards!

Brian Li

SAP GRC Consultant

Bernhard_SAP · ‎07-15-2010

Hi Brian,

sounds like correction of note 961294 is necessary for your system.

b.rgs, Bernhard

Former Member · ‎07-15-2010

Hi Brian,

You may check this thread:

Many solutions provided

Edited by: Siddhartha Varma on Jul 15, 2010 11:56 AM

Former Member · ‎07-15-2010

Thank you for your kindly response.

The problem also can not resolve.

Bernhard_SAP · ‎07-15-2010

Hi Brian,

sounds like correction of note 961294 is necessary for your system.

b.rgs, Bernhard

Former Member · ‎07-15-2010

This message was moderated.

Former Member · ‎08-24-2010

Dear Bernhard,

The problem has been resolved, thank you very much for your help.

Sorry for the late response.

Best Regards.

Brian Li

Former Member · ‎07-15-2010

Hi ,

Make sure you are not opening the Parent role

be sure that you have derived roles from Parent , check and see after you have created the role the authorization tab is green for both Parent and child ( in case you have them ) or else check for the Single role itself .

Lastly see if the authorization object is entered manually in your role , rather than inserting object using "SU24"

SUIM might not be catching the manually added object( Guessing)

Former Member · ‎07-16-2010

hi, Franklin Jayasim,

Thank you for your reply.

The role is flat, no hierarchy. So it is no need to care about the relatinship between template role and derived role.

As far as i knowk, the object in or not in SU24 and authorization status in roles is no relationship with SUIM.

Former Member · ‎07-16-2010

Hi Brian LI,

Can you let me know if the object you mentioned is added manually in your ROLE?

are you still facing the problem, then you may have to see if the system is uptodate with latest security notes/patches/services.

Yes adding it manually still shows the output in SUIM

Edited by: Franklin Jayasim on Jul 16, 2010 6:54 PM

Former Member · ‎07-16-2010

Hi ,

From your question posted , I understand the steps clearly but I think you have not entered the values of

SPART

VKORG

VTWEG

from the organizational level tab, can you enter the values at the "organization level" area and try it out one more time.

Also your entry is "01"

but you are searching "02" activity

Edited by: Franklin Jayasim on Jul 16, 2010 7:06 PM

Former Member · ‎07-15-2010

Hi Brain,

Before you come to consulsion try different search sceniors in SUIM.

Try to search with only role name ZTEST.

Try to Search criteria authorization object/transaction code

There are many bugs reported in SUIM and SAP has delivered notes as well like 171805 / 1227083 / 1393940 .

Thanks,

Sri