2015 May 21 4:56 PM
Good day,
I can go in T-Code SUIM-User information system > Transaction > Executable for user
...and get a nice list of all transaction that a specific user has access to.
Now what I need is this listing but for ALL users (i.e. I don't want to have to export this listing individually for each of our 110 users).
Is there an SE16 table (or set of two tables) or a report within SUIM that would give me this full listing of authorization?
We do use composite roles.
Thanks.
2015 May 22 8:17 AM
I ran the report you had suggested in production system for myself and got a list of about 120k t-codes. It should be mentioned that despite the authorisations are quite high I do not have SAP_ALL.
So, in case there is some report that fulfills your needs you are likely to get a list with several millions of lines. What are you going to do with it?
Maybe the task can be set in some other way?
Anyway, firstly, I would exclude users with SAP_ALL authorisations from your list of users (Users -> Users by Complex Selection Criteria -> By Profiles).
And besides t-codes list aren't you interested in business-specific authorizations? Like plants, storage locations, company codes, infotypes ... I mean that the purpose of the report is unclear for me.
In case you won't find a better choice you can submit the mentioned report in a loop for every user as a brute force solution and leave it for the night .
2015 May 21 5:05 PM
SUIM -> USER -> Users by Complex Selection Criteria -> By Transaction Authorizations
2015 May 21 6:25 PM
Thank you Aaron,
But under SUIM > USER > Users by Complex Selection Criteria, only the following are available:
- By Critical Combinations of Authorizations at Transaction Start
- With Unsuccessful Logons
- By Logon Date and Password Chante
- List of Users With Critical Authorisations
- With Critical Authorisations (New Version)
So the option you mentionned is not present.
2015 May 22 8:17 AM
I ran the report you had suggested in production system for myself and got a list of about 120k t-codes. It should be mentioned that despite the authorisations are quite high I do not have SAP_ALL.
So, in case there is some report that fulfills your needs you are likely to get a list with several millions of lines. What are you going to do with it?
Maybe the task can be set in some other way?
Anyway, firstly, I would exclude users with SAP_ALL authorisations from your list of users (Users -> Users by Complex Selection Criteria -> By Profiles).
And besides t-codes list aren't you interested in business-specific authorizations? Like plants, storage locations, company codes, infotypes ... I mean that the purpose of the report is unclear for me.
In case you won't find a better choice you can submit the mentioned report in a loop for every user as a brute force solution and leave it for the night .
2015 May 22 1:58 PM
Thank you Nikolay.
I finally got a list of all executable TCodes by user by doing the following:
I joined: table AGR_1251 Where Object = "S_TCODE"
to table AGR_USERS
on field: Role
(this is a many-to-many SQL join)
I then analysed the resulting joined table with an Excel pivot table.
The purpose? To have a user-friendly, global and pivotable view of all executable TCode by users allows me to review whether the roles setup still meet our needs.
Solved.