on 12-30-2009 11:21 AM
Dear Sir/Madam,
With SUIM I found users list having a tcode sm30. But when I tried to find out the exact Role containing that Tcode with SUIM , it is not showing any role. I have to remove this Tcode from these Users. How it can be done?
Please advice.
Thanks and Regards,
Pranab
> But when I tried to find out the exact Role containing that Tcode with SUIM , it is not showing any role.
The suim report roles "by transaction assignment" is notoriously unreliable because it only looks in the role menus. Better use the report for roles "by authorization values", fill in "S_TCODE" as object 1, hit the enter key and give SM30 as value. Now you should get a list of roles containing SM30, even if it isn't in the role menu.
I think that's less tedious than Bala's suggestion and just as accurate.
For more detailed explanations browse or search the SDN forum.
Jurjen
One other thought: Are there any profiles assigned directly to the users? That would also explain the behaviour you described.
Edited by: Jurjen Heeck on Dec 30, 2009 4:30 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As per your query you find out how many users have this t-code. If necessary then create another profile for this and assign to said user.
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Above all are correct, you have to choose best one, i am giving another one:
suim --> user -->user by complex selection criteria --> put tcode (i.e sm30) --> F8 -->double click on user name -->profile --> own profile -->in each profile you have to see in s_tcode & TCD if sm30 is there the note taht profile and from corrospownding role you have to remove sm30 with the help of pfcg, do the same process with all the users.
Regards,
Sanjay Jha
Hi,
With SUIM I found users list having a tcode sm30
review that user you found, do they have inappropriate profile? eg. standard profile &_SAP_ALL will allow user to execute almost all transaction. if yes, please remove inappropriate profile. you should maintain transaction assignment via role only.
hope it help you,
rgds,
Alfonsus Guritno
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
1. First you need to prepare a list of user for whom you will need to remove the SM30 auth.
2. Now go to su01 type the first user select roles copy down the list of roles in a notepad.
3.In SUIM you need to check the transactions --> Executable for Role... if you find SM30 in list then delete it in PFCG and
Proceed check with the next role.
4. This may be tedious process but will give you 100 % accuracy.
5.This step has to be continued till the last user in the list.
Regards
Bala
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
107 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.