> Since I am Basis person, so i am required to find a solution to anything :).

Oh dear. With SAP you'll learn not to promise too much Just read the note and that suggests this report evaluates the proper data. Can you describe the inconsistencies a bit more accurate?

> I never promised anything, but was required to find some solutions. I just wanted to try my best.

Nothing wrong with that. No offense meant in the 'promise' remark.

> So i searched OSS notes and applied one. But this note made the SUIM even worse 😞

Are you sure the profile is properly generated? Green trafficlight on authorizations tab in PFCG.

If so, better go for the "authorizations value" reports. I only use those as they reveal the actual authorizations and that is always more relevant than the menu contents.

I do not have a proper solution for your original problem. You may want to report that top SAP.

Jurjen

Hi Lillian,

the solution for the miracle shall be, that searching for transactions executable with role the result may differ from assigned t-code anhd S_TCODE-values.

RSUSR010 (S_BCE_68002041) lists only transactions, which really can be executed with that role. So not only S_TCODE is necessary, but also the prerequisites for execution (is the TX valid (TSTC), is it locked (SM01), additional authorizations necessary (SE93/TSTCA)) are checked. Especially the last point is oftne a trap. For instance for the t-code QA03 you'll need as per SE93-definition Q_TCODE with TCD = QA03 .

A simple countercheck is to create a test user, assign only that role , log on and try to start the assigned t-codes. If oyu fail, the result of rsusr010 is correct.

b.rgds, Bernhard

EDIT: sorry, my mistake: it is not checked, if the t-code is locked in SM01....

Edited by: Bernhard Hochreiter on Sep 22, 2010 10:54 AM

That's an eye-opener!

It's a pity the documentation on SAPhelp http://help.sap.com/saphelp_nw70ehp1/helpdata/en/8e/448450771c4544aad54321ddaff2e4/frameset.htm is as short as it is.

I've always distrusted this report and it now turns out I didn't really know enought about it's inner workings. I suspect that goes for quite a lot of us.

pls review my last reply, I just have entered an update (at 'EDIT').

Well in the link to the online help there is a further link to 'Authorization Checks', which give mor info, but also on the selection screen of rsusr010 there is an 'Info'-Button with some information. But I agree, that the available information is not too comprehensive.... Obviously SAP trusted in the Report titel to be self explanatory....

b.rgds, Bernhard

Building proper roles is not as simple as "satisfying" this report. I suggest you sit together with someone who needs the role, someone who can tell you whether it functions in the desired manner or not by testing and tweaking together. Reports are never a substitute for that.

As intriguing as your question in the beginning was, you're now heading towards a slippery slope Building and finetuning ABAP roles is considered basic knowledge in this forum. Questions on how to do that are discouraged here as the forum is no substitute for training. Once again, no offence meant. A hint to get you underway: explore ST01 and/or search the forum on its use for determining actual authorization needs.

Jurjen

> A standard procedure might be considered in the way how to create a role.

Basically it al depends on maintenance in SU24. If that is properly set up for your installation/company, building roles should be reasonably straightforward from the moment you have entered the neccesary transactions in the menu. The better you are able to maintain the proposal values in SU24, the fewer yellow trafficlights you see when you go into the authorizations tab.

Editiing proposals in SU24 is really an experience thing. Once you've found out which objects always are missing, come with wrong proposal values or do not belong with a certain transaction in your security set up you can amend SU24 settings accordingly.

Jurjen