Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Security Tracking report

Former Member

‎2007 Mar 01 9:43 PM

0 Likes
883

Hi Folks

I would need some ideas with respect to the following

I would like to know changes made to the following

1. Organizational levels,

2. Changes to roles (by means of addition or deletion of tcodes)

3. Manual addition of objects to a role

4. Change of Auth Field values for an object.

I would like to have this information on a on-demand basis, In the sense I would like to have some kind of a report which I can query to have this information as and when required.

I am aware of the AGR tables however am not sure about the relationship one has with another.I have a feeling that one can pull out details from these tables... however dont exactly have a exact way to do it...

Could you please share your thoughts on how I can approach this.

best regards

Ravi

6 REPLIES 6
Read only

Former Member

‎2007 Mar 01 9:47 PM

0 Likes
803

Ravi,

Have you run the change document reports in transaction SUIM? It provides for most of what you are looking.

Cheers,

Ben

Read only

Former Member

‎2007 Mar 01 9:55 PM

0 Likes
803

Ravi,

Most of the change doc information is contained in tables such as CDHDR, USH* and objects such as CDCLS.

Cheers,

Ben

Read only

Former Member

‎2007 Mar 04 8:13 PM

0 Likes
803

Hi Ben

I have tried the change documents, however for some reason have not found them very reliable. I would have a look at those tables and let you know.

thanks anywayz

Ravi

Read only

Former Member

‎2007 Mar 05 7:35 AM

0 Likes
803

Hi Ravi,

You can actually access change Documents in SUIM to extract a report on the changes made to Role, Filed Values, etc...

But if you want to extract a report using tables, you can go for AGR* tables such as:

AGR_1251 Authorization data for the activity group

AGR_1252 Organizational elements for authorizations

AGR_AGRS Roles in composite role

AGR_TCODES Assignment of roles to Tcodes

AGR_USERS Assignment of roles to users

You can also write a Infoset Queries using SQ01, SQ02, SQ03 which would help you in getting a report from more than 1 Table at once.

Thanks & Regards,

Santosh

Read only

Former Member
In response to Former Member

‎2007 Mar 05 7:22 PM

0 Likes
803

HI Geek,

Whatever you want to do investigation or any query go to transaction SQVI and select AGR tables and join them and run the query as you want. You can run whatever report you want. You can every solution in ths SQVI. Check it and don't forget to this to vote me

Read only

Former Member

‎2007 Mar 05 9:48 PM

0 Likes
803

We are not on Netweaver yet, but I doubt this has changed...One caution, if you use SQVI or SQ01/SQ02 to join tables, you can't join AGR_USERS and PA0105 on userid because they use different field names & sizes. We got around it by having our ABAP group give us a custom table view...because they can choose to ignore the warning that it gives them. Only takes a few minutes for them to do and it gave us a whole new range of queries we could do.