Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Finding out IDOC a person has access to

Former Member

‎09-11-2018 7:34 PM

0 Kudos

During an audit, someone was found to have inappropriate access to be able to modify and execute IDOC (S_IDOCCTRL). I'm trying to see if there's a way to figure out what IDOCs this person may have modified and/or executed during the time he had access. Any tip is appreciated.

2 REPLIES 2

Colleen
Advisor
Advisor

‎09-11-2018 9:42 PM

did the user have any transactions beginning with BD* or WE*? Might be worth checking if they ran any IDOC transactions

was it full access to the object or specific values (might limit partner profiles or idoc types, etc to limit investigation)

did the sending system create an idoc with the segment data that could then be used to compare (again, partner profile, etc would help to reduce investigation)

Former Member

‎09-12-2018 6:30 AM

0 Kudos

Yes, he did have access to WE* and there's no logging in place to trace if the person had ran any IDOC transaction. He had access to modify, execute, and create IDOCs. I'm not sure if that's what you meant by 'full access to the object or specific values'. I guess our audit simply seeks to see if he had executed/modified/created these IDOCs when he wasn't supposed to, and that's the basis for my question here...