https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940110#M388263 <HTML><HEAD></HEAD><BODY><P>Hi Ben</P><P></P><P>I have tried the change documents, however for some reason have not found them very reliable. I would have a look at those tables and let you know.</P><P></P><P>thanks anywayz</P><P>Ravi</P></BODY></HTML> Sun, 04 Mar 2007 20:13:01 GMT Former Member 2007-03-04T20:13:01Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940107#M388260 <HTML><HEAD></HEAD><BODY><P>Hi Folks</P><P></P><P></P><P></P><P>I would need some ideas with respect to the following</P><P></P><P></P><P></P><P>I would like to know changes made to the following</P><P></P><P></P><P></P><P>1. Organizational levels, </P><P></P><P>2. Changes to roles (by means of addition or deletion of tcodes)</P><P></P><P>3. Manual addition of objects to a role</P><P></P><P>4. Change of Auth Field values for an object.</P><P></P><P></P><P></P><P>I would like to have this information on a on-demand basis, In the sense I would like to have some kind of a report which I can query to have this information as and when required.</P><P></P><P></P><P></P><P>I am aware of the AGR tables however am not sure about the relationship one has with another.I have a feeling that one can pull out details from these tables... however dont exactly have a exact way to do it...</P><P></P><P></P><P></P><P>Could you please share your thoughts on how I can approach this.</P><P></P><P></P><P></P><P>best regards</P><P></P><P>Ravi</P></BODY></HTML> Thu, 01 Mar 2007 21:43:45 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940107#M388260 Former Member 2007-03-01T21:43:45Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940108#M388261 <HTML><HEAD></HEAD><BODY><P>Ravi,</P><P></P><P>Have you run the change document reports in transaction SUIM? It provides for most of what you are looking.</P><P></P><P>Cheers,</P><P></P><P>Ben</P></BODY></HTML> Thu, 01 Mar 2007 21:47:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940108#M388261 Former Member 2007-03-01T21:47:38Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940109#M388262 <HTML><HEAD></HEAD><BODY><P>Ravi,</P><P></P><P>Most of the change doc information is contained in tables such as CDHDR, USH* and objects such as CDCLS.</P><P></P><P>Cheers,</P><P></P><P>Ben</P></BODY></HTML> Thu, 01 Mar 2007 21:55:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940109#M388262 Former Member 2007-03-01T21:55:47Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940110#M388263 <HTML><HEAD></HEAD><BODY><P>Hi Ben</P><P></P><P>I have tried the change documents, however for some reason have not found them very reliable. I would have a look at those tables and let you know.</P><P></P><P>thanks anywayz</P><P>Ravi</P></BODY></HTML> Sun, 04 Mar 2007 20:13:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940110#M388263 Former Member 2007-03-04T20:13:01Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940111#M388264 <HTML><HEAD></HEAD><BODY><P>Hi Ravi,</P><P>You can actually access change Documents in SUIM to extract a report on the changes made to Role, Filed Values, etc...</P><P>But if you want to extract a report using tables, you can go for AGR* tables such as:</P><P>AGR_1251 Authorization data for the activity group </P><P>AGR_1252 Organizational elements for authorizations </P><P>AGR_AGRS Roles in composite role </P><P>AGR_TCODES Assignment of roles to Tcodes </P><P>AGR_USERS Assignment of roles to users </P><P></P><P>You can also write a Infoset Queries using SQ01, SQ02, SQ03 which would help you in getting a report from more than 1 Table at once.</P><P></P><P>Thanks &amp; Regards,</P><P>Santosh</P></BODY></HTML> Mon, 05 Mar 2007 07:35:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940111#M388264 Former Member 2007-03-05T07:35:50Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940112#M388265 <HTML><HEAD></HEAD><BODY><P>HI Geek,</P><P> Whatever you want to do investigation or any query go to transaction SQVI and select AGR tables and join them and run the query as you want. You can run whatever report you want. You can every solution in ths SQVI. Check it and don't forget to this to vote me</P></BODY></HTML> Mon, 05 Mar 2007 19:22:11 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940112#M388265 Former Member 2007-03-05T19:22:11Z https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940113#M388266 <HTML><HEAD></HEAD><BODY><P>We are not on Netweaver yet, but I doubt this has changed...One caution, if you use SQVI or SQ01/SQ02 to join tables, you can't join AGR_USERS and PA0105 on userid because they use different field names &amp; sizes. We got around it by having our ABAP group give us a custom table view...because they can choose to ignore the warning that it gives them. Only takes a few minutes for them to do and it gave us a whole new range of queries we could do.</P></BODY></HTML> Mon, 05 Mar 2007 21:48:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-tracking-report/m-p/1940113#M388266 Former Member 2007-03-05T21:48:01Z