on 08-19-2014 8:34 PM
Hi,
I'm currently looking at a number of users with access to sensitive transactions (e.g. SCC4).
When looking at a combination of the AGR_ROLES and AGR_TCODES tables I can see there is currently only one active role and one active user assigned this access which would fall in line with what was to be expected based on the population I am looking at (we're not concentrating on auth object level for now).
However when I go through SUIM and filter on users by complex criteria and enter transaction code SCC4, about 20-30 users pop up (this is how many people used to be assigned access to SCC4).
When access was removed for these 20-30 users, it was done at 'role level' so my question is, even if roles have been removed, when looking through SUIM would a user still appear to have transactions associated with that role assigned - if so, why does this happen? I assumed once a role is removed it would removed the underlying transactions etc with it?
My assumption at the moment is that even though SUIM is showing users still have access to SCC4 they can't actually use it as the role it was associated with has been removed.
Any help/clarity on this would be greatly appreciated.
Hi Johnny,
Please do perform the User comparison.
Goto PFCG -> Role Name -> user comparision
then check in SUIM still user is having that Tcode or not .
for detail
Go to SUIM
Roles by complex selection criteria -> put Tcode there
it will give you Roles name having that tcode . and then you go to that Role and you will get list of Users in PFCG (User assignment Tab) .
same goes with User
SUIM - Users by complex selection criteria - > put tcode -> Profiles associated with - > roles assosiated with it .
But i suggest after you make any changes to Role / Profile you please do user comparision .
Regards
Dishant Pathak
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Johnny,
Have u already checked if the users have any profiles directly assigned?
Might be helpful to run SUIM again to find out what roles and profiles those users have with authorization to transaction SCC4.
SUIM -> roles -> roles by complex criteria -> fill transaction and the users
The same for profiles.
BR,
Anaer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
99 | |
11 | |
11 | |
6 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.