Checking roles for their criticality

Hey community,

I am looking for a function module with which I can select roles based on the contained authorization objects and ideally their characteristics. It should be possible to use this module locally as well as remotely. During my research I came across the following, but unfortunately they always have a negative aspect:

  • SUSR_USER_AUTH_FOR_OBJ_GET
    The result is exactly as I imagined it, i.e. that I get the value of the permission object, but that a user must be specified is unfortunately an exclusion criterion.
  • SUSR_SUIM_API_RSUSR070
    Offers the possibility to filter/select on the characteristic of an object, but unfortunately the input cannot be negated at this point. For example, give all roles with S_DEVELOP where the value is not equal to "03".
  • RFC_READ_TABLE or as they all are called
    I am aware that I could easily access the UST12 table with it, but I would like to avoid this if possible. (for reasons of "security" and data processing effort)

Do you know any other similarly functioning ones?

Thank you in advance for your answers/suggestions!

Yours sincerely
Tim
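The negated selection asked for above ("all roles with S_DEVELOP where the value is not equal to 03") is harder than a plain inequality, because authorization values can also be wildcards or ranges. The following is an added example, not part of the original post and not SAP code: it post-processes rows that have already been exported, and the row layout, role names and helper names are constructed assumptions.

```python
# Constructed sample rows: (role, authorization object, field, low value, high value).
# The layout is an assumption for illustration, not real system data.
ROWS = [
    ("Z_DEV_DISPLAY", "S_DEVELOP", "ACTVT", "03", ""),
    ("Z_DEV_FULL",    "S_DEVELOP", "ACTVT", "*",  ""),
    ("Z_DEV_CHANGE",  "S_DEVELOP", "ACTVT", "01", "03"),
    ("Z_DEV_MIXED",   "S_DEVELOP", "ACTVT", "03", ""),
    ("Z_DEV_MIXED",   "S_DEVELOP", "ACTVT", "02", ""),
    ("Z_BASIS_RFC",   "S_RFC",     "ACTVT", "16", ""),
]


def grants_only(low, high, allowed):
    """True if one value entry (single value, pattern or range) stays within `allowed`."""
    if high:
        # A range LOW..HIGH is harmless only if it collapses to one allowed value.
        return low == high and low in allowed
    if "*" in low:
        # A pattern such as * or 0* covers values outside any finite allow-list.
        return False
    return low in allowed


def roles_exceeding(rows, obj, field, allowed):
    """Map each role holding `obj` to the `field` entries that go beyond `allowed`."""
    hits = {}
    for role, row_obj, row_field, low, high in rows:
        if row_obj != obj or row_field != field:
            continue
        if not grants_only(low, high, allowed):
            hits.setdefault(role, []).append(f"{low}-{high}" if high else low)
    return hits


if __name__ == "__main__":
    # Roles whose S_DEVELOP activity is anything other than display (03).
    for role, values in sorted(roles_exceeding(ROWS, "S_DEVELOP", "ACTVT", {"03"}).items()):
        print(role, values)
```

A role such as the constructed Z_DEV_MIXED is reported even though it also contains "03", which a simple "value <> 03" filter on individual rows would handle correctly but a "role has 03" exclusion would miss.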


2 Answers

  • Best Answer
    Posted on Feb 14, 2019 at 10:34 AM

    As a result of Colleen Hebbert's answer, I went through the possibilities in the SUIM again and finally ended up with this program RSUSRAUTH or function module SUSR_SUIM_API_RSUSRAUTH. Although in a second step I still have to determine the users who have the roles, but it comes closest to my expectations. (-> display the roles with their exact characteristics and even their status)


  • Posted on Feb 14, 2019 at 12:30 AM

    Not sure if your research took you down this pathway, but maybe look at these programs, as they are based on configuring of critical checks for roles:

    RSUSR008 Critical Combinations of Authorizations at Transaction Start

    RSUSR008_009_NEW List of Users With Critical Authorizations

    RSUSR009 List of Users With Critical Authorizations


    • Hi Tim,

      Glad you found an answer for what you are trying to do. Must admit, my mind jumps to SAP Access Control for Risk Analysis to define rulesets and execute Critical Actions or Segregation of Duties.

      I'm unsure what you mean by entries changing frequently, as the critical combination allows you to configure different scenarios to analyse, unless that doesn't help with your remote options.

      Regardless, thanks for the update and closing out your question.
