cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to get authorization values of user ID wise

prashant_pmx
Explorer

on ‎09-04-2018 7:40 AM

0 Kudos

Hello,

How to get authorization values of user ID wise

i have to design authorization matrix so that i need to find all user ID authorization object & their collected value because there is lot of roles their so i have to check all role who have this object & collect the value.


Thanks in advance,

Prashant

Show replies
Show replies
Answer
View Entire Topic
Colleen
Advisor
Advisor
‎09-04-2018 7:45 AM

normally when I design an authorisation matrix I stick a spreadsheet with one sheet for the master role list and summary of what it should and should not do. there might be a column to call out specific authorisation objects that are sensitive. The next sheet is a matrix with rows for each executable (transaction, service, RFC, Fiori, etc) that is going go in the PFCG role Menu and the columns are the single roles. If I use composite or business roles then I have another sheet to map single roles to composite as a matrix

the underlying authorisations live in SAP within the authorisation data

SUIM is then the way to check who has what

you can then extract agr_users for user to roles if you need to map that out

Show replies
Show replies
prashant_pmx
Explorer
‎09-04-2018 7:49 AM
0 Kudos

Thanks for the reply,

i have system which is running from last 5 years but now i have to design new matrix so i have to extract the data & collect all userwise athorization object & their values so i can create new roles

Colleen
Advisor
Advisor
‎09-04-2018 10:32 PM
0 Kudos

are you redesigning new matrix to fix your documentation or there is a plan to rebuild the security and switch users over to the new roles?

prashant_pmx
Explorer
‎09-05-2018 2:54 AM
0 Kudos

Yes, we have plan to rebuild the security & switch users over to new role.

i need authorization object & their collective values so i can create new user role.

here I got the solution,

In SE16N table AGR_1251 having authorization object & values.

Colleen
Advisor
Advisor
‎09-05-2018 4:39 AM

I recommend you focus on what your users do/use not what they have. Extracting their access (via AGR_1251 join to AGR_USER) won't really help with your clean up. If you are cleaning up 5 years worth and rebuilding then it sounds like the system is a mess and you can't trust that the access is right. You can do this by extracting STAD data for a period of time to see what users have been using. It will give you transactional level but it is a starting point to work with functional experts to redesign the roles.

AGR_1251 doesn't help if you are cleaning up security as risk reintroducing the mess you are trying to remove.

prashant_pmx
Explorer
‎09-07-2018 8:07 AM

Thank you so much for your valuable inputs.

Prashant

Ask a Question