We are trying to determine all changes to Roles followed a proper procedure and help is greatly appreciated.... So here is what I did.
1. SUIM - Change Documents - For Roles - Authorization Data
it will pull a list of all changes to the role for a given period of time selected in the previous screen.
2. To determine how many changes actually happened, the number of changes I mean, Can I use the total of the first row>?? Or is it the total of the row that says "New Value".
3. Also if you hit settings - Layout - Change on that screen, and select Document number, it will display document number also. Is there a way to coorelate this document number to a transport number?? What does the document number represent??
4. In the SUIM - Change Documents - For Roles there are other option that also seem to suggest changes to a Role...for e.g Attributes. Is an attribute change a change to a role?? Is the selection Single Roles in Composite role a valid selection criteria to show that there was a change?? More importantly these are all different criteria right?? (Results will not overlap unless I select all). Of course this only makes sense if there is someway I can tie this to a transport number....so how would I do that.
Any help is greatly appreciated. Thanks
Why you want to coorelate the document number to a transport number ??? Y do you want to tie this inforamtio to a transport number ??
Your initial requirement is to determine all changes to Roles for certain period of time.
Go to SUIM >> change doucmensts for roles >>> select overview of change documents >> in the result,
change documents cloumn shows you the actual changes to the role .. ..if you want you can take this to an excel sheet...
Please let me know if you need any further information.
There are a few admin type users that have S_USER_AGR and S_USER_PRO with activity 01 or 02. You only need activity 22 to assign roles if the parameters are set correctly in prgn_cust table. With 01 and 02 in production they can create and change directly in production if they also have PFCG transaction. They have these rights.
I am an auditor, am performing an audit to determine:
1. If the role changes were made in Dev/QA and then transported or were they made directly in prod.
2. If the changes that show up when execute the SUIM commands that I posted earlier are changes with transports associated to them or are they changes without transport associated with them
3. If the changes have transport associated with them...then how do I find it.
The usage of Transport History only to find a population of all changes precludes the following from being identified, which is why I need help to to figure this one out:
a. How do you identify changes (for roles) directly being made in prod using PFCG, if they have not been transported across. There is almost no logging turned on yet.