Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Tracking report

Former Member

‎03-01-2007 9:43 PM

0 Kudos

Hi Folks

I would need some ideas with respect to the following

I would like to know changes made to the following

1. Organizational levels,

2. Changes to roles (by means of addition or deletion of tcodes)

3. Manual addition of objects to a role

4. Change of Auth Field values for an object.

I would like to have this information on a on-demand basis, In the sense I would like to have some kind of a report which I can query to have this information as and when required.

I am aware of the AGR tables however am not sure about the relationship one has with another.I have a feeling that one can pull out details from these tables... however dont exactly have a exact way to do it...

Could you please share your thoughts on how I can approach this.

best regards

Ravi

6 REPLIES 6

Former Member

‎03-01-2007 9:47 PM

0 Kudos

Ravi,

Have you run the change document reports in transaction SUIM? It provides for most of what you are looking.

Cheers,

Ben

Former Member

‎03-01-2007 9:55 PM

0 Kudos

Ravi,

Most of the change doc information is contained in tables such as CDHDR, USH* and objects such as CDCLS.

Cheers,

Ben

Former Member

‎03-04-2007 8:13 PM

0 Kudos

Hi Ben

I have tried the change documents, however for some reason have not found them very reliable. I would have a look at those tables and let you know.

thanks anywayz

Ravi

Former Member

‎03-05-2007 7:35 AM

0 Kudos

Hi Ravi,

You can actually access change Documents in SUIM to extract a report on the changes made to Role, Filed Values, etc...

But if you want to extract a report using tables, you can go for AGR* tables such as:

AGR_1251 Authorization data for the activity group

AGR_1252 Organizational elements for authorizations

AGR_AGRS Roles in composite role

AGR_TCODES Assignment of roles to Tcodes

AGR_USERS Assignment of roles to users

You can also write a Infoset Queries using SQ01, SQ02, SQ03 which would help you in getting a report from more than 1 Table at once.

Thanks & Regards,

Santosh

Former Member
In response to Former Member

‎03-05-2007 7:22 PM

0 Kudos

HI Geek,

Whatever you want to do investigation or any query go to transaction SQVI and select AGR tables and join them and run the query as you want. You can run whatever report you want. You can every solution in ths SQVI. Check it and don't forget to this to vote me

Former Member

‎03-05-2007 9:48 PM

0 Kudos

We are not on Netweaver yet, but I doubt this has changed...One caution, if you use SQVI or SQ01/SQ02 to join tables, you can't join AGR_USERS and PA0105 on userid because they use different field names & sizes. We got around it by having our ABAP group give us a custom table view...because they can choose to ignore the warning that it gives them. Only takes a few minutes for them to do and it gave us a whole new range of queries we could do.