on 02-13-2013 3:56 PM
Hi All.
In the earlywatch reports; we can see below details about users with critical authorizations
"
The following users are authorized to change and reset the passwords of all users. This is very risky because these users could change the password of users and log on as these users themselves. The only consequence would be that the real user would no longer be able to log on because the password was changed. In this case, however, the password is normally reset because it may be that the real user has forgotten his or her password.
001 | 2 | 3 |
100 | 91 | 55540 |
Authorization objects:
Object 1: S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5
Object 2: S_USER_GRP with ACTVT=05"
But when we check all number of users (active or inactive) which have access to SU01; it comes out as 22. Could anyone please advise how we can find the output as above(No. of users authorised to reset/change passwords) to verify the data in EWA is correct. We have received concerns from management ove the number as 91 and need to validate
.
Posted it earlier under security but did not get any response. Adding to administrators as well; in case someone knows how SAP EWA calculates this data so that I can check the same in the system.
Thanks
Varun
Hi,
You should consider not only SU01. EWA tells you that you have 91 users with following access:
S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5
So TCD=SU01 will be your 22 users
Now run tcode SUIM and go to Users -> Users by complex Selection Criteria -> By Authorization Values:
Under Authorization Object enter S_TCODE and hit enter and under Transaction Code put your t-code from EWA for example OIBB and execute. This will give you a list of users who has access to it.
Hope this helps.
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Interesting ... what if you run SUIM one by one for each tcode (TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5) ... basically you will do it 6 times. Copy users after each run into excel and after you done remove duplicates ... let's see what number you will get.
I'm concerned that the user s maybe missing because you are using more that one condition while running SUIM report.
Let me know how it goes.
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.