Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization for t-code SUIM

Go to solution
Former Member

‎05-03-2016 9:26 PM

0 Kudos

Hello Gurus, We need to authorize one user for transaction SUIM. As of now, we don't have any BASIS support and we are not likely to hire any BASIS consultant in the near future. Please let me know if there is any way to authorize one user for SUIM. If this question is posted in the wrong forum, please suggest where should this be posted. Thank you, Pravin

1 ACCEPTED SOLUTION

Go to solution
Colleen
Advisor
Advisor

‎05-04-2016 12:19 AM

0 Kudos

Hi Pravin

I'm going to assume a little innocence and assume that you are trying to put all of the related transactions (S_BCE*) for SUIM into the role and not just SUIM.

It is quite worrying that you say there is no Basis person and unlikely to get someone. But that's really between your system and your management. I can only imagine the challenges/mess that will be created over time.

In PFCG, instead of inserting just the transaction in the menu, choose to insert the Area Menu or SAP Standard menu. When the tree structure comes up, navigate to the user information system and add it. It will then add all items relating to it.

The question belongs more in the security space but I can see it being rejected for basic question/failed to search.

Regards

Colleen

10 REPLIES 10

Go to solution
Jelena
Active Contributor

‎05-03-2016 11:11 PM

0 Kudos

A bit ironic... Have you thought about using that same transaction SUIM to check which roles include it and then assigning one of those roles to the user?

Go to solution
Former Member
In response to Jelena

‎05-04-2016 4:33 AM

0 Kudos

Thank you Jelena for your reply. Unfortunately, no one in the organization is authorized for SUIM. Not a single role of all the users has SUIM. Best regards, Pravin

Go to solution
Colleen
Advisor
Advisor

‎05-04-2016 12:19 AM

0 Kudos

Hi Pravin

I'm going to assume a little innocence and assume that you are trying to put all of the related transactions (S_BCE*) for SUIM into the role and not just SUIM.

It is quite worrying that you say there is no Basis person and unlikely to get someone. But that's really between your system and your management. I can only imagine the challenges/mess that will be created over time.

In PFCG, instead of inserting just the transaction in the menu, choose to insert the Area Menu or SAP Standard menu. When the tree structure comes up, navigate to the user information system and add it. It will then add all items relating to it.

The question belongs more in the security space but I can see it being rejected for basic question/failed to search.

Regards

Colleen

Go to solution
Former Member
In response to Colleen

‎05-04-2016 4:42 AM

0 Kudos

Thank you Colleen for your suggestion. I will try the process you suggested. You bet it will worrying. As long as all processes run without any problems, no one will bother. I actually realized this as I wanted some transaction authorization but there is no one in the organization to provide it. Best regards, Pravin

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎05-04-2016 4:49 AM

0 Kudos

who is doing all of the system monitoring, backups, health checks (sits with Basis)

Very big gamble to take on assumption that 'all processes run without any problems'

You might have a job opportunity to upskill in security if no-one is doing it.

Observation - how do you know no-one has SUIM if you don't have access to SUIM to check?

Go to solution
Former Member
In response to Colleen

‎05-04-2016 1:02 PM

0 Kudos

Hi Colleen, I have access of SU01, SU02, PFCG. So, when I tried SUIM, I realized I am not authorized and wanted to add an authorization to myself. At that time, I checked other users using t-code PFCG. I understand there is a gentleman who is backing up and monitoring but he is not a BASIS person. He is a superuser of MM, PP, SD. And yes, there is an opportunity to upskill and would like to explore that possibility. Thank you, Pravin

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎05-04-2016 11:57 PM

0 Kudos

Hi Pravin

Are you using PFCG in development or Production? You should always use in Development and Transport. However, I recommend you check change documents of your role (via PFCG Environment menu you can get to it) in production to see if someone has made direct updates to Production. If they have, and you transport your change, you will lose access.

When there is not dedicated or trained security person, the system can become quite a mess fast.

You shouldn't need to use SU02 unless you are on a really old system (i.e. 3.1 version). All profiles should be generated by PFCG

If you are going to upskill then I recommend you get yourself on the ADM940 course to learn about SAP authorisations and how to build properly.

Regards

Colleen

Go to solution
Former Member
In response to Colleen

‎05-05-2016 3:26 PM

0 Kudos

Hi Colleen I haven't used any of the transactions so far - PFCG, SU01, SU02, etc. apart from just viewing the data. When I checked  DEV server, I realized that the roles were not created in DEV but in the PRD directly. I am certainly considering taking ADM940 you are suggesting. Looks like I have to take first SAPTEC or SAP01 as an "essential" prerequisite. Really appreciate your help and guidance. Thank you, Pravin

Go to solution
Colleen
Advisor
Advisor
In response to Colleen

‎05-06-2016 2:28 AM

0 Kudos

Hi Pravin

I personally haven't taken SAPTEC or SAP01. Not sure if you have to do them or if they are desired. It might be worth contacting SAP Education in your country to discuss.

However, if your employer supports you cross-skilling, a SAP Learning Hub subscription would get you all the course content and Learning Rooms access for the price of one course. You could then study as part of work or out of hours. You can then access SAPTEC, SAP01 and the ADM* course guides as well as other content to assist you. It's an annual subscription but may be a good investment in your situation.

It sounds like your system is a complete mess and your management's cost cutting by not having skilled administrators is showing you have a great opportunity to improve your system's security and learn a new skill

If everything has been built in Production, then you can download the roles form Prod and upload to Dev (assuming SU24 data matches - good chance that it's never been properly used). All of this is covered in ADM940.

Good luck.

Regards

Colleen

Go to solution
Former Member
In response to Colleen

‎05-06-2016 4:52 AM

0 Kudos

Hi Colleen,

I will check with my company if they are willing for subscription of SAP Learning Hub. I am even thinking of subscribing personally. It's around $ 4000 - more than I can easily pay but if the company is willing to pay that after completion of the course, I may go for it.

It is very likely that there will be a data mismatch because I know for sure that we don't have proper backup process due to hardware limitation and that is the reason some configurations are done directly in PRD server. Current data is not backed up in QAS so there are a lot of restrictions on testing any new processes or configuration.

As long as there are no major issues, I don't think the company will take corrective action.

Thank again for you valuable advice.

Best regards,

Pravin