Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Segregation of Duties (SOD) - SAP Security Audit

Former Member
0 Kudos

Hi All,

Could I know how could we manage the users access and roles in SAP and review them regularly to make sure that there are no system breaches? I usually use SUIM, but it I'm looking for a report that I could run for multiple users against any new roles assigned. It would be great if someone could share with us his experience.

Best Regards,

Abdulla AlQassimi

1 ACCEPTED SOLUTION

m_coenjaerts
Explorer
0 Kudos

I'm not sure what your exact requirements are but they are other options:

  1. If you start PFCG and then go to menu Environment -> Display Changes, you can display changes to roles. For example you have the option to select only 'User Assignments' to display changes in user assigments. You have also various selection options such as selecting the roles, the start/end dates of the changes or a selection of users.
  2. You can download tables, using SE16/SE16N/SE17. Save them as text file, import in a speadsheet / database and use that for reports. Most important tables are: USR02 (The user master Data), AGR_USERS (Assignment of roles to users, together with information of who did the assignment and when). Other tables that can be used is : ADRP (contains address data, such as last name, firstname), and USR21 (to link the user ID of the USR02 to the address ID /pers. ID used in ADRP)

I hope this helps

5 REPLIES 5

m_coenjaerts
Explorer
0 Kudos

I'm not sure what your exact requirements are but they are other options:

  1. If you start PFCG and then go to menu Environment -> Display Changes, you can display changes to roles. For example you have the option to select only 'User Assignments' to display changes in user assigments. You have also various selection options such as selecting the roles, the start/end dates of the changes or a selection of users.
  2. You can download tables, using SE16/SE16N/SE17. Save them as text file, import in a speadsheet / database and use that for reports. Most important tables are: USR02 (The user master Data), AGR_USERS (Assignment of roles to users, together with information of who did the assignment and when). Other tables that can be used is : ADRP (contains address data, such as last name, firstname), and USR21 (to link the user ID of the USR02 to the address ID /pers. ID used in ADRP)

I hope this helps

0 Kudos

Hello,

another option is to use SAP GRC ARA (Access Risk Analysis) module, apart from running reports for SoD conflicts, you will also be able to run simulation / preventative SoD analysis for new access requests.

Best regards, Andrzej

0 Kudos

Thanks a lot that was very useful.

Appreciate your time.

0 Kudos

Hi ,

This looks interesting, must try it.

Thanks a lot for sharing.

Regards,

Abdulla

Former Member
0 Kudos

This message was moderated.