08-20-2015 2:22 PM
Hi Experts,
I am facing one critical issue. One user was having access of one T-code but suddenly he is getting message that he is not authorized for that T-code. I have checked any change for his user id but no changes has been done. Even When I am searching the roles of that particular T-code from SUIM, I am not getting role name. I have checked from ST03N last month history, that t-code was accessed by him.
Please advise how to find out that from which role user has accessed this t-code ? Please help as this is critical requirement for me.
Thanks in advance !
Regards,
Lokesh Bajaj
08-20-2015 2:36 PM
There's no way to find out which role allowed a user to access a transaction code in the past. That information is not held anywhere. You say no changes have been made to the user, so that must mean changes have been made to one of the user's roles. Look at change documents for those roles.
Steve.
08-20-2015 2:56 PM
Hi Steve,
Thanks for your prompt response. It is very difficult to check all change documents of all roles assigned to that user.
Thanks !
08-20-2015 3:08 PM
How many role changes do you make? Is looking at changes to all roles in the last month feasible? You can do that in one step.
Remember to do this in your development system, though - roles changes aren't made in production, so you won't find any there...
Steve.
08-21-2015 12:06 AM
Hi Lokesh
Quick etiquette - there is an unwritten assumption that everyone who posts to SCN asking for assistance has critical issue (to them) or urgent. No need to write it as anyone who responds to you is doing it in their free time. If anything, you might annoy many knowledgeable community members and they will show their annoyance through silence.
Steve has covered a fair bit of it. Some things to break down and assume
If still getting nowhere then you need to check
Biggest bit comes down to understanding what the user has actually lost
Also, I can't remember of the top of my head if a call transaction (SE97 skips S_TCODE check) or similar will show as a user having executed it but in reality the user cannot execute it directly
Regards
Colleen