Solved: List of users with T-Code authorization

bntb_bntb · ‎05-21-2015

Good day,

I can go in T-Code SUIM-User information system > Transaction > Executable for user

...and get a nice list of all transaction that a specific user has access to.

Now what I need is this listing but for ALL users (i.e. I don't want to have to export this listing individually for each of our 110 users).

Is there an SE16 table (or set of two tables) or a report within SUIM that would give me this full listing of authorization?

We do use composite roles.

Thanks.

nikolayevstigneev · ‎05-22-2015

I ran the report you had suggested in production system for myself and got a list of about 120k t-codes. It should be mentioned that despite the authorisations are quite high I do not have SAP_ALL.

So, in case there is some report that fulfills your needs you are likely to get a list with several millions of lines. What are you going to do with it?

Maybe the task can be set in some other way?

Anyway, firstly, I would exclude users with SAP_ALL authorisations from your list of users (Users -> Users by Complex Selection Criteria -> By Profiles).

And besides t-codes list aren't you interested in business-specific authorizations? Like plants, storage locations, company codes, infotypes ... I mean that the purpose of the report is unclear for me.

In case you won't find a better choice you can submit the mentioned report in a loop for every user as a brute force solution and leave it for the night .

Former Member · ‎05-21-2015

SUIM -> USER -> Users by Complex Selection Criteria -> By Transaction Authorizations

bntb_bntb · ‎05-21-2015

Thank you Aaron,

But under SUIM > USER > Users by Complex Selection Criteria, only the following are available:

- By Critical Combinations of Authorizations at Transaction Start

- With Unsuccessful Logons

- By Logon Date and Password Chante

- List of Users With Critical Authorisations

- With Critical Authorisations (New Version)

So the option you mentionned is not present.

nikolayevstigneev · ‎05-22-2015

I ran the report you had suggested in production system for myself and got a list of about 120k t-codes. It should be mentioned that despite the authorisations are quite high I do not have SAP_ALL.

So, in case there is some report that fulfills your needs you are likely to get a list with several millions of lines. What are you going to do with it?

Maybe the task can be set in some other way?

Anyway, firstly, I would exclude users with SAP_ALL authorisations from your list of users (Users -> Users by Complex Selection Criteria -> By Profiles).

And besides t-codes list aren't you interested in business-specific authorizations? Like plants, storage locations, company codes, infotypes ... I mean that the purpose of the report is unclear for me.

In case you won't find a better choice you can submit the mentioned report in a loop for every user as a brute force solution and leave it for the night .

bntb_bntb · ‎05-22-2015

Thank you Nikolay.

I finally got a list of all executable TCodes by user by doing the following:

I joined: table AGR_1251 Where Object = "S_TCODE"

to table AGR_USERS

on field: Role

(this is a many-to-many SQL join)

I then analysed the resulting joined table with an Excel pivot table.

The purpose? To have a user-friendly, global and pivotable view of all executable TCode by users allows me to review whether the roles setup still meet our needs.

Solved.