https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405608#M1406957 <HTML><HEAD></HEAD><BODY><P>tables where thie info is stored in are AGR* USR* and UST* look at these tables and find your info, you probably have to put them in a database to bring it all together</P><P></P><P>Edited by: Auke Visser on Nov 18, 2009 1:57 PM</P></BODY></HTML> Wed, 18 Nov 2009 12:57:38 GMT Former Member 2009-11-18T12:57:38Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405605#M1406954 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I have a list regarding authorization provided by auditors.</P><P>Here I want to know how the auditors generated the list.</P><P>Do you know the transaction code or the program ID.....?</P><P></P><P>Probably the data in the list was extracted from our system, and some data were manually processed or added.</P><P>Hard to write down but fields and examples appear in the list;</P><P></P><P><DEL>-FIELDS</DEL>-</P><P>User</P><P>Group</P><P>Full Name</P><P>Rule</P><P>Side</P><P>Operator</P><P>Role</P><P>Authorization</P><P>Attribute</P><P>Attribute Value</P><P>Associated Role</P><P>Associated Authorization</P><P>Associated Attribute</P><P>Associated Attribute Value</P><P></P><P><DEL>-EXAMPLES</DEL>-</P><P>testuser01</P><P>group001</P><P>user01 test</P><P>Create Maintain Sales Order vs Create Maintain Customer Master Records</P><P>LHS</P><P>Any</P><P>Z_ROLETEST_001</P><P>Authorization=T-D524126500, Object=S_TCODE</P><P>TCD</P><P>FB01</P><P>Z_ROLETEST_002</P><P>Authorization=T-D524126600, Object=F_BKPF_BUK</P><P>ACTVT</P><P>1</P><P></P><P>Thank you in advance.</P><P>/Y.Shirako</P></BODY></HTML> Wed, 18 Nov 2009 09:22:43 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405605#M1406954 Former Member 2009-11-18T09:22:43Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405606#M1406955 <HTML><HEAD></HEAD><BODY><P>Your auditors will have their own tool which extracts the data that they want. </P><P>Typical ways they use it are:</P><P></P><P>Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.</P><P>Tool extracts data via RFC calls into your system that is then processed externally.</P><P></P><P>Why don't you ask your auditors? Usually in their report is an explanation of how the data was gathered.</P></BODY></HTML> Wed, 18 Nov 2009 10:14:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405606#M1406955 Former Member 2009-11-18T10:14:39Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405607#M1406956 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In an ABAP system, you can view most of these things with transaction SUIM, which is the User Information System.</P><P></P><P>Kind regards,</P><P></P><P>Dagwin</P></BODY></HTML> Wed, 18 Nov 2009 11:03:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405607#M1406956 Former Member 2009-11-18T11:03:32Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405608#M1406957 <HTML><HEAD></HEAD><BODY><P>tables where thie info is stored in are AGR* USR* and UST* look at these tables and find your info, you probably have to put them in a database to bring it all together</P><P></P><P>Edited by: Auke Visser on Nov 18, 2009 1:57 PM</P></BODY></HTML> Wed, 18 Nov 2009 12:57:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405608#M1406957 Former Member 2009-11-18T12:57:38Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405609#M1406958 <HTML><HEAD></HEAD><BODY><P>&gt; Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.</P><P>&gt; Tool extracts data via RFC calls into your system that is then processed externally.</P><P>Yes, the interfaces of those tools are often a hazard in themselves...</P><P></P><P>I typically recommend customers to delete them completely. Sometimes this comment also exists in the code itself, but who reads code now-a-days in GRC projects, and why should they have to? ;-(</P><P></P><P>This looks very much like one of those tools (where the SQL statements are built externally).</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Wed, 18 Nov 2009 19:39:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405609#M1406958 Former Member 2009-11-18T19:39:46Z https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405610#M1406959 <HTML><HEAD></HEAD><BODY><P>&gt; </P><PRE><CODE><P></P><P>&gt; Yes, the interfaces of those tools are often a hazard in themselves...</P><P></P></CODE></PRE><P></P><P>A conversation I had today leads me to believe that the main culprit of this method has now phased it out with the latest release of their tool...</P></BODY></HTML> Thu, 19 Nov 2009 00:40:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/audit-tool-which-generates-users-roles-auth-objects-and-values/m-p/6405610#M1406959 Former Member 2009-11-19T00:40:35Z