
Checking roles for their criticality

timkudla
Participant
0 Kudos
1,020

Hey community,

I am looking for a function module with which I can select roles based on the contained authorization objects and ideally their characteristics. It should be possible to use this module locally as well as remotely. During my research I came across the following, but unfortunately they always have a negative aspect:

  • SUSR_USER_AUTH_FOR_OBJ_GET
    The result is exactly as I imagined it, i.e. that I get the value of the permission object, but that a user must be specified is unfortunately an exclusion criterion.
  • SUSR_SUIM_API_RSUSR070
    Offers the possibility to filter/select on the characteristic of an object, but unfortunately the input cannot be negated at this point. For example, give all roles with S_DEVELOP where the value is not equal to "03".
  • RFC_READ_TABLE or as they all are called
    I am aware that I could easily access the UST12 table with it, but I would like to avoid this if possible. (for reasons of "security" and data processing effort)

Do you know any other similarly functioning ones?

Thank you in advance for your answers/suggestions!

Yours sincerely
Tim

1 ACCEPTED SOLUTION

timkudla
Participant
0 Kudos
524

As a result of Colleen Hebbert's answer, I went through the possibilities in the SUIM again and finally ended up with the program RSUSRAUTH or function module SUSR_SUIM_API_RSUSRAUTH. Although in a second step I still have to determine the users who have the roles, it comes closest to my expectations. (-> display the roles with their exact characteristics and even their status)

5 REPLIES

matt
Active Contributor
524

Maybe you should use the Security tag.

Colleen
Product and Topic Expert
0 Kudos
524

Not sure if your research took you down this pathway, but maybe look at these programs, as they are based on the configuration of critical checks for roles:

RSUSR008 Critical Combinations of Authorizations at Transaction Start

RSUSR008_009_NEW List of Users With Critical Authorizations

RSUSR009 List of Users With Critical Authorizations

0 Kudos
524

Yes, I came across them, but since the entries change frequently, the variants would always have to be maintained.

Colleen
Product and Topic Expert
0 Kudos
524

Hi Tim,

Glad you found an answer for what you are trying to do. Must admit, my mind jumps to SAP Access Control for Risk Analysis to define rulesets and execute Critical Actions or Segregation of Duties.

I'm unsure what you mean by entries changing frequently, as the critical combination allows you to configure different scenarios to analyse, unless that doesn't help with your remote options.

Regardless, thanks for the update and closing out your question.
