Solved: How do I know what transactions are added Roles in...

Former Member · ‎01-23-2008

All,

We have FI guys requesting different transactions.

To stop this and keep track of this,

I need to ffind out what transactions have been adde to each FI role ?

Is there any report out there that would tell me what new transactions have been added to all

Customized FI roles ?

Please advise.

From

PT.

Former Member · ‎01-23-2008

What 'new' transactions have been added / changes to the profiles or roles, you could use SUIM -> Change Documents -> Roles or Profiles.

If you would like to see all the transactions executable for a User/ Profile/ Role, Use Transactions under SUIM.

Hope this helps.

Regards,

Snehal

Former Member · ‎01-23-2008

PT,

Just go to SUIM report tree, you will find all the reports you need there.

Have fun.

Lye

jurjen_heeck · ‎01-23-2008

To be more specific, go to the section called "change documents" in SUIM.

Former Member · ‎01-23-2008

What 'new' transactions have been added / changes to the profiles or roles, you could use SUIM -> Change Documents -> Roles or Profiles.

If you would like to see all the transactions executable for a User/ Profile/ Role, Use Transactions under SUIM.

Hope this helps.

Regards,

Snehal

jurjen_heeck · ‎01-23-2008

>

> If you would like to see all the transactions executable for a User/ Profile/ Role, Use Transactions under SUIM.

Ehh, please be aware of the fact that the 'transactions' reports under suim look in table AGR_TCODES which itself does not contain 'real' authorizations (or sources for the profile) but only the tcodes that were put in the role via the menu tab.

To actually see which transactrons are executable for a user look at the reports for authorization values, select object S_TCODE. This also reports manually entered S_TCODE values as well as ranges.

Former Member · ‎01-27-2008

Thanks all.

I think ST03n will give the all the transacitons that were

executed by user.

From

PT.

jurjen_heeck · ‎01-27-2008

>

> I think ST03n will give the all the transacitons that were

> executed by user.

I am a bit curious now, since this is true but I miss the relation to your original question. That was about the contents of the roles.

In the majority of systems the users have access to more transactions than they actually use. Restricting access based on findings from ST03N can cause problems, especially in FICO where some actions are only executed once a month or even once a year....

Former Member · ‎01-27-2008

Issue is, here we have FICO users requesting transactins

that they are not sure if they really need it.

<removed_by_moderator> did not do the good job on training this users for FICO functional area.

From

PT

Edited by: Julius Bussche on Jan 27, 2008 7:43 PM

Former Member · ‎01-27-2008

Hello PT,

Feel free to flame consultants in general, as well as auditors, end users, developers, etc, (there are enough here to defend themselves... but please abstract specific implementation details without mentioning company's names.

Regarding "need or not need" a transaction... ST03N will give you the "used or not used" information... and even this is not necesarily correct => a user might submit a report or execute a transaction (for which the system writes a stat record), however an authority-check or other condition failed... so they did not actually "use the transaction", let alone "need it".

Kind regards,

Julius

How do I know what transactions are added Roles in System