User: use this when your question is mainly about users, for example "Which user has access to T-Code XXX?" or "I need a list of users with their last
logon date." Note that over the years SAP has added different types of reports under this menu entry: authorization-related
reports, usage reports, and general reports such as "Users by address data" (which works well but doesn't seem to be related to authorizations).
Roles: the short name "roles" might be misleading because in this context it applies to authorization roles (not job roles). The reports under
this entry are used to find authorization roles via different criteria. If the question is "Which role includes authorization object XXX?", then this is
the right menu entry to use.
Profiles: this menu item, "profiles", applies to authorization profiles, which in fact should not be granted directly to users. The T-Code SUIM
allows the search for authorization profiles and, in most cases, this menu path is not needed for common day-to-day questions. That said, this
menu path is perfect for the very popular question (the number one question from auditors): "Who has SAP_ALL or SAP_NEW profiles?"
Authorizations: this is the entry to use to search for combinations of authorization objects and values. SAP defines an "Authorization" as a
combination of an authorization object with values. Note that after the object's name is entered in the screen, the display changes so that
values can be added to the search criteria.
Read about the basic objects of SAP authorizations and SUIM in our eBook (/eBooks/sap-authorizations-concept-simplied.html)
Authorization Objects: this menu allows the search for authorization objects by name or class, and each menu entry is basically the same.
Compared to "Authorizations" above, this entry doesn't include a search option for objects with values, but for the authorization objects
themselves. A search like "Which objects include the word 'material' in their description?" is a good trigger for using the Authorization Objects
menu path.
Transactions: using the traditional (and confusing) name "Transactions" for T-Codes, SUIM allows the user to search for T-Codes according to
four search criteria: T-Codes for a user, T-Codes in an authorization role, T-Codes in an authorization profile, and T-Codes which include a specific
authorization object. From our experience, this menu entry is not used very much by most professionals.
Comparisons: comparing users and comparing authorization roles are the most utilized options in this SUIM menu entry. It's possible to compare them in
the same system and in remote systems (just press the "Across Systems" button). The comparison is focused on authorization objects only, so if
you need to compare users by roles, for example, this is not the right place.
Where-Used List: here you will find the same reports that are located in other menus in SUIM, but organized from the perspective of where the object is used.
In most cases, this menu entry is not used much because these reports are already located in the menu entries above.
Change Documents: this menu path details the changes that occurred for a single object such as a user, a role, etc. For instance, search here to find out
what changes were performed on an authorization role over time. Part of SUIM's popularity is based on this menu entry, which enables a user to
track changes to authorizations over time.
* Note about "Complex Selection Criteria": the menu entries User, Roles, Profiles, Authorizations, and Authorization Objects all have the
option to be shown by "Complex Selection Criteria". This is an interesting option because it adds filters to the selection. In fact, the
report behind the menu path "Complex Selection Criteria" is the same report behind all the other options; in the other options the filters
are hidden, and in "Complex Selection Criteria" they are shown.
* Also note: some reports in SUIM have more in-depth information than what appears on the first screen. In most reports, when you click on a row, the
system will show you much more data related to that row. Go ahead and double-click on rows; in most cases it will reveal more relevant data.
More pitfalls? Read our article: what to be aware of when using SUIM (/Security-Authorizations/why-you-should-use-suim-very-carefully-when-analyzing-sap-authorizations.html)
That said, SUIM is still a very good tool to identify "who is granted to what" in situations when you don't have a tool like ProfileTailor Dynamics to
monitor authorizations (/proletailor-dynamics-security-authorizations.html). SUIM is quick and it is free. If your auditors are nagging you about
authorizations, do a pass through SUIM first and you might find your answers there. Or, if you need to quickly identify who has access to
company codes, SUIM can give good results. For more sophisticated situations, like matrices of users vs. their authorizations, or for identifying
whose authorizations should be removed because they are not being used, it's highly suggested to implement a professional tool like
ProfileTailor Dynamics Security and Authorizations. (/proletailor-dynamics-security-authorizations.html)