cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No. of users authorised to reset/change passwords in SAP EWA report

Go to solution
former_member325638
Participant

on ‎02-13-2013 3:56 PM

0 Kudos

Hi All.

In the earlywatch reports; we can see below details about users with critical authorizations

"

10.2.4 Users Authorized to Reset/Change User Passwords

The following users are authorized to change and reset the passwords of all users. This is very risky because these users could change the password of users and log on as these users themselves. The only consequence would be that the real user would no longer be able to log on because the password was changed. In this case, however, the password is normally reset because it may be that the real user has forgotten his or her password.

001

2

3

100

91

55540

Authorization objects:
Object 1: S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5
Object 2: S_USER_GRP with ACTVT=05"

But when we check all number of users (active or inactive) which have access to SU01; it comes out as 22. Could anyone please advise how we can find the output as above(No. of users authorised to reset/change passwords)  to verify the data in EWA is correct. We have received concerns from management ove the number as 91 and need to validate

.

Posted it earlier under security but did not get any response. Adding to administrators as well; in case someone knows how SAP EWA calculates this data so that I can check the same in the system.

Thanks

Varun

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-13-2013 4:32 PM
0 Kudos

Hi,

You should consider not only SU01. EWA tells you that you have 91 users with following access:

S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5

So TCD=SU01 will be your 22 users

Now run tcode SUIM and go to Users -> Users by complex Selection Criteria -> By Authorization Values:

Under Authorization Object enter S_TCODE and hit enter and under Transaction Code put your t-code from EWA for example OIBB and execute. This will give you a list of users who has access to it.

Hope this helps.

Alex

Show replies
Show replies
former_member325638
Participant
‎02-13-2013 6:26 PM
0 Kudos

Thanks Alex,

I ran SUIM with three different OR conditions and fetched the output. While I copied to one sheet and removed duplicates; 66 records remained instead of 91. Any idea how can I run exactly the same criteria as in EWA report with all conditions together

Thanks

Varun

Former Member
‎02-14-2013 6:45 PM
0 Kudos

Did you try to run for the second auth object?

Object 2: S_USER_GRP with ACTVT=05"

former_member325638
Participant
‎02-14-2013 6:52 PM
0 Kudos

Hi Alex,

Yes; I tried for the other object; but it was creating a huge list of users. If I give all the conditions as per EWA screen at one go in users by complex selection criteria > users by complex selection criteria; it gives only 21 users

Thanks

Varun

Former Member
‎02-14-2013 7:42 PM
0 Kudos

Interesting ... what if you run SUIM one by one for each tcode (TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5) ...  basically you will do it 6 times. Copy users after each run into excel and after you done remove duplicates ... let's see what number you will get.

I'm concerned that the user s maybe missing because you are using more that one condition while running SUIM report.

Let me know how it goes.

Answers (0)

Ask a Question