Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
Frank_Buchholz
Advisor
Advisor
News: As of SAP_BASIS 7.52 (with a support package as of October 2019) you can use the standard report RSUSR_UP_AND_DOWNLOAD_FOR_CA instead:

See Note 2785076 - SUIM | New functions in RSUSR008_009_NEW




[This is a copy of the same page on Code Exchange on SDN which shuts down end of August 2013. Therefore, I move my projects here to SCN.]

 

We like to introduce a new Code Exchange project which was the result of a student practicum during the last weeks.

The purpose of this new program Z_USCRAUTH is to simplify the maintenance of critical authorization definitions used by Report RSUSR008_009_NEW. Using this program you can import an XLS sheet including the needed data or export the content of the database to an XLS sheet. Furthermore it gives a clearer overview of the authorization data in the form of some tables.

Finally we've published a file representing the checks of the SOS: https://support.sap.com/sos → Media Library → Security Optimization Service - ABAP Checks

Kind regards

Julius Daub and Frank Buchholz

ABAP Source Code


You find the source code on the corresponding wiki page.


ABAP source code:


https://wiki.scn.sap.com/wiki/download/attachments/491918787/Z_USCRAUTH.txt

XLS sheet:

https://wiki.scn.sap.com/wiki/download/attachments/491918787/SOS.XLS

Documentation


This report is used do export/import the definition data which are used by the report RSUSR008_009_NEW about critical authorization and variant of the user information system, transaction SUIM that you usually maintain within that report or using transaction SU_VCUSRVAR_CHANGE to/from an Excel-sheet.

This is much more convenient than defining it in the UI of the report.

Initial Screen




There are three actions that can be performed by the report. In (1) you choose the action to be performed. In (2) and (3) you can define criteria of selections for the data you want to get.

In (4) you have to choose an XLS-sheet file name whose data you want to be imported or where you want to export your data to.

Actions


Show Data

Only shows data selected in (2) and (3) on the screen in the form of 6 tables.



(Part of the info-screen)
Export Data

Exports data selected at (2) and (3) to the XLS selected at (4), generates a preview inside of the report and shows the same screen as Show Data. If the file already exists, it will be overwritten; else a new file with the pathname selected at (4) will be created.



(Preview of the Excel-Sheet inside of the report)



(Exported Excel-sheet)
Import Data

Imports data selected at (2) from the Excel sheet selected at (4), writes it to the database and shows it on the screen as in Show Data. In Addition the report shows a change log of the data on the screen.



(Change log)

If the data in the sheet is obviously incorrect, the changes won’t be performed and an error message will be displayed.



(Wrong Data in the XLS)



(Error Message)

Tips concerning the Excel file



  • The attached File contains the main part of the authorization data out of the SOS document, but it’s possible that there are some small mistakes.

  • The first column (TABLENAME) defines the table

  • The sort order of the file does not matter.

  • The entries for table USRVAR and USCRAUTHID are optional.

  • The TEXT field in USRVARID and USCRAUTHID is optional.

  • If you omit the language it will be replaced by the logon language.

  • Color Code 6 = RED

  • Color Code 3 = YELLOW

  • If you omit the color code it will be replaced by 6.

  • Have a close look to numeric data: To enter leading zeros use ' to avoid that Excel removes the leading zero. (This report repairs wrong data in case of the activity field, ACTVT, automatically.) Example: Enter '02 instead of 2

  • If the file is opened in Excel during executing the report, an error message will appear: "Excel file ... cannot be processed"

  • It’s recommended to use the attached file as template for your own file; you can also export some data to another file and edit this one.

  • If you want to create your own source file, this file has to follow this structure to get correct results:





















































































Record type Column A B C D E F G H
USRVAR (definition of variants) TABLENAME VARNAME
USRVARID (assignments of critical authorizations to variants) TABLENAME VARNAME AUTH_ID (TEXT)
USRVART (short texts of variants) TABLENAME VARNAME VTEXT LANGU
USCRAUTHID (definition of critical authorizations) TABLENAME AUTH_ID AUTH_COLOR T_CODE
USCRAUIDT (short texts of critical authorizations) TABLENAME AUTH_ID TEXT LANGU
USCRAUTH (details about critical authorizations) TABLENAME AUTH_ID CR_AUTH OBJCT FIELD LOW HIGH SEARCHTYP


Limitations



  • The “Text-Search” is not finished

  • Garbage in - garbage out: There exist some input checks on the data but you should only use correct files to avoid trouble.

  • If you enter wrong, duplicate data you might get a dump.

  • If the file is locked in Excel you might run into trouble

  • No transport interface. If you want to transport the definitions you

  • Use transaction SU_VCUSRVAR_CHANGE to add them to a transport.


Related links


Online Documentation – Users with Critical Authorizations (RSUSR008_009_NEW)
https://help.sap.com/viewer/c6e6d078ab99452db94ed7b3b7bbcccf/7.4.24/en-US/f9558f40f3b19920e10000000a...
10 Comments