Former Member

No. of users authorised to reset/change passwords in SAP EWA report

Hi All.

In the EarlyWatch reports, we can see the details below about users with critical authorizations:

"

10.2.4 Users Authorized to Reset/Change User Passwords

The following users are authorized to change and reset the passwords of all users. This is very risky because these users could change the password of users and log on as these users themselves. The only consequence would be that the real user would no longer be able to log on because the password was changed. In this case, however, the password is normally reset because it may be that the real user has forgotten his or her password.

001    2     3
100    91    55540

Authorization objects:
Object 1: S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5
Object 2: S_USER_GRP with ACTVT=05"

But when we check the total number of users (active or inactive) who have access to SU01, it comes out as 22. Could anyone please advise how we can find the output as above (No. of users authorised to reset/change passwords) to verify the data in EWA is correct? We have received concerns from management over the number as 91 and need to validate.

Posted it earlier under security but did not get any response. Adding to administrators as well; in case someone knows how SAP EWA calculates this data so that I can check the same in the system.

Thanks

Varun


1 Answer

  • Best Answer
    Former Member
    Feb 13, 2013 at 04:32 PM

    Hi,

    You should consider not only SU01. EWA tells you that you have 91 users with the following access:

    S_TCODE with TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5

    So TCD=SU01 will be your 22 users

    Now run tcode SUIM and go to Users -> Users by complex Selection Criteria -> By Authorization Values:

    Under Authorization Object, enter S_TCODE and hit Enter, then under Transaction Code put your t-code from EWA, for example OIBB, and execute. This will give you a list of users who have access to it.

    Hope this helps.

    Alex


    • Former Member

      Interesting ... what if you run SUIM one by one for each tcode (TCD=SU01 or TCD=OIBB or TCD=OOUS or TCD=OPF0 or TCD=OPJ0 or TCD=OVZ5) ... basically you will do it 6 times. Copy the users after each run into Excel, and after you are done, remove duplicates ... let's see what number you will get.

      I'm concerned that the users may be missing because you are using more than one condition while running the SUIM report.

      Let me know how it goes.
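
Added example, not part of the original thread or of any SAP tool: the de-duplication suggested in the comment above, done in Python over SUIM list exports instead of Excel. It assumes a pipe-delimited export with the user ID in the first column and a header row starting with "User", assumes the EWA check requires both listed objects (Object 1 and Object 2), and uses constructed sample users.

```python
# Added example: reconcile the EWA count from SUIM list exports (constructed data).
TCODES = ("SU01", "OIBB", "OOUS", "OPF0", "OPJ0", "OVZ5")  # Object 1 in the EWA text

def parse_export(text):
    """Extract user IDs from a pipe-delimited list export (assumed layout:
    user ID in the first column, header row starting with 'User')."""
    users = set()
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # titles, rulers, blank lines
        first = line.strip("|").split("|")[0].strip().upper()
        if first and first != "USER" and set(first) != {"-"}:
            users.add(first)
    return users

def reconcile(tcode_exports, user_grp_export):
    """tcode_exports: {tcode: export text of the S_TCODE run for that tcode}.
    user_grp_export: export text of the S_USER_GRP / ACTVT=05 run."""
    missing = [t for t in TCODES if t not in tcode_exports]
    if missing:
        raise ValueError(f"no export for: {', '.join(missing)}")
    per_tcode = {t: parse_export(tcode_exports[t]) for t in TCODES}
    any_tcode = set().union(*per_tcode.values())           # Object 1 (OR over tcodes)
    can_reset = any_tcode & parse_export(user_grp_export)  # AND Object 2 (assumption)
    return per_tcode, any_tcode, can_reset

def _export(*users):  # builds a constructed sample export
    rows = "\n".join(f"|{u:<12}|Sample name |" for u in users)
    return f"Users by complex selection\n{'-' * 27}\n|User        |Full name   |\n{rows}\n"

SAMPLE_TCODE = {
    "SU01": _export("ADMIN1", "ADMIN2", "HELPDESK1"),
    "OIBB": _export("ADMIN1", "PLANT_KU1"),
    "OOUS": _export("HR_KU1", "admin2 "),   # stray case/space, as after a manual copy
    "OPF0": _export("PLANT_KU1"),
    "OPJ0": _export(),
    "OVZ5": _export("SD_KU1", "HELPDESK1"),
}
SAMPLE_USER_GRP = _export("ADMIN1", "ADMIN2", "HELPDESK1", "HR_KU1", "AUDITOR1")

if __name__ == "__main__":
    per_tcode, any_tcode, can_reset = reconcile(SAMPLE_TCODE, SAMPLE_USER_GRP)
    for t in TCODES:
        print(f"{t}: {len(per_tcode[t])} users")
    print(f"any listed tcode: {len(any_tcode)}")
    print(f"tcode AND S_USER_GRP ACTVT=05: {len(can_reset)} -> {sorted(can_reset)}")
```

The per-tcode counts show how far SU01 alone falls short of the union, and the final set is the figure to compare against the EWA number for the same client.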