10-27-2011 1:13 PM
Hi,
Recently there was a support package that was implemented to our SAP ECC 6.0 system. From then onwards, SUIM shows a different behavior. If I open, "Role by complex selection" add a transaction code that does not exist in the system (or any junk value), the result is all the security roles that are present in the system. Actually the result should be that the role does not exist.... It does not work after this patch was add to our SAP ECC 6.0.
Please let me know if there is a note for the same and what needs to be done to fix the problem.
Thanks in advance.....
10-27-2011 2:44 PM
This may be a silly question but can you confirm that your security roles don't contain and wildcard values for field TCD
10-27-2011 2:50 PM
SUIM worked fine until this patch was installed..... No role modification was done...
Edited by: Sheville Rodrigues on Oct 27, 2011 3:50 PM
10-28-2011 9:24 AM
SUIM worked fine until this patch was installed..... No role modification was done...
>
> Edited by: Sheville Rodrigues on Oct 27, 2011 3:50 PM
I appreciate that it was working fine, however can you confirm that you have no wildcards for field TCD in the problem roles?
What I am trying to rule out is that it is only looking for menu transactions rather than the proper access at field level.
10-27-2011 11:46 PM
Hi,
I believe that it's a bug in SUIM. I checked my 7.02SP7 system. It tries to get all roles with that transaction. This step returns empty result. The problem is that then it tries to get all corresponding derived roles for selected roles. Because the returned result is empty, it selects every role in the system because every role has proper value in field Parent Role (any value is OK if a table used in FOR ALL ENTRIES is empty).
Long story short, it should be fixed in note 1575598.
Cheers
11-01-2011 7:50 AM
SAP Note 1575598 - SUIM RSUSR070 incorr. results when
searching for transaction
Symptom
You use the user information system (transaction SUIM) to search for roles
with a certain transaction assignment (report RSUSR070).
If you enter a non-existent transaction as the search criterion, roles are
displayed.
11-02-2011 8:36 AM
Run SUIM > Roles > By Authorization Values.
Enter authorization S_TCODE then any of your junk values.
It will return all roles with Transaction Code = * . If result is the same is yours, SAP has changed the algorithm of search to the more precise one.
11-15-2011 3:43 PM
Dear All,
Let me share my understanding of SUIM - Roles - By Authorization Values
Enter S_TCODE as an object and Value "*" will return you the roles with the * entry.
Please try the difference between "*" and * in your system.
System I tried it with is SAP ECC 6.0 with SAP_ABA 700 L0020.
Best regards
Tobias