Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUIM different behavior while searching roles

former_member478439
Explorer

‎10-27-2011 1:13 PM

0 Kudos

Hi,

Recently there was a support package that was implemented to our SAP ECC 6.0 system. From then onwards, SUIM shows a different behavior. If I open, "Role by complex selection" add a transaction code that does not exist in the system (or any junk value), the result is all the security roles that are present in the system. Actually the result should be that the role does not exist.... It does not work after this patch was add to our SAP ECC 6.0.

Please let me know if there is a note for the same and what needs to be done to fix the problem.

Thanks in advance.....

7 REPLIES 7

Former Member

‎10-27-2011 2:44 PM

0 Kudos

This may be a silly question but can you confirm that your security roles don't contain and wildcard values for field TCD

former_member478439
Explorer
In response to Former Member

‎10-27-2011 2:50 PM

0 Kudos

SUIM worked fine until this patch was installed..... No role modification was done...

Edited by: Sheville Rodrigues on Oct 27, 2011 3:50 PM

Former Member
In response to Former Member

‎10-28-2011 9:24 AM

0 Kudos 
SUIM worked fine until this patch was installed..... No role modification was done...
> 
> Edited by: Sheville Rodrigues on Oct 27, 2011 3:50 PM

I appreciate that it was working fine, however can you confirm that you have no wildcards for field TCD in the problem roles?

What I am trying to rule out is that it is only looking for menu transactions rather than the proper access at field level.

mvoros
Active Contributor

‎10-27-2011 11:46 PM

0 Kudos

Hi,

I believe that it's a bug in SUIM. I checked my 7.02SP7 system. It tries to get all roles with that transaction. This step returns empty result. The problem is that then it tries to get all corresponding derived roles for selected roles. Because the returned result is empty, it selects every role in the system because every role has proper value in field Parent Role (any value is OK if a table used in FOR ALL ENTRIES is empty).

Long story short, it should be fixed in note 1575598.

Cheers

Former Member

‎11-01-2011 7:50 AM

0 Kudos

SAP Note 1575598 - SUIM RSUSR070 incorr. results when

searching for transaction

Symptom

You use the user information system (transaction SUIM) to search for roles

with a certain transaction assignment (report RSUSR070).

If you enter a non-existent transaction as the search criterion, roles are

displayed.

Former Member

‎11-02-2011 8:36 AM

0 Kudos

Run SUIM > Roles > By Authorization Values.

Enter authorization S_TCODE then any of your junk values.

It will return all roles with Transaction Code = * . If result is the same is yours, SAP has changed the algorithm of search to the more precise one.

Former Member
In response to Former Member

‎11-15-2011 3:43 PM

0 Kudos

Dear All,

Let me share my understanding of SUIM - Roles - By Authorization Values

Enter S_TCODE as an object and Value "*" will return you the roles with the * entry.

Please try the difference between "*" and * in your system.

System I tried it with is SAP ECC 6.0 with SAP_ABA 700 L0020.

Best regards

Tobias