on 09-04-2018 7:40 AM
Hello,
How to get authorization values of user ID wise
i have to design authorization matrix so that i need to find all user ID authorization object & their collected value because there is lot of roles their so i have to check all role who have this object & collect the value.
Thanks in advance,
Prashant
normally when I design an authorisation matrix I stick a spreadsheet with one sheet for the master role list and summary of what it should and should not do. there might be a column to call out specific authorisation objects that are sensitive. The next sheet is a matrix with rows for each executable (transaction, service, RFC, Fiori, etc) that is going go in the PFCG role Menu and the columns are the single roles. If I use composite or business roles then I have another sheet to map single roles to composite as a matrix
the underlying authorisations live in SAP within the authorisation data
SUIM is then the way to check who has what
you can then extract agr_users for user to roles if you need to map that out
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I recommend you focus on what your users do/use not what they have. Extracting their access (via AGR_1251 join to AGR_USER) won't really help with your clean up. If you are cleaning up 5 years worth and rebuilding then it sounds like the system is a mess and you can't trust that the access is right. You can do this by extracting STAD data for a period of time to see what users have been using. It will give you transactional level but it is a starting point to work with functional experts to redesign the roles.
AGR_1251 doesn't help if you are cleaning up security as risk reintroducing the mess you are trying to remove.
Thank you so much for your valuable inputs.
Prashant
User | Count |
---|---|
67 | |
8 | |
8 | |
6 | |
6 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.