RE: [sap-security] Users with two opposite roles
Posted by
Admin at
Share this post:
|
0 Comments
Posted by Dave Thornburgh (SAP JOAT) on Apr 30 at 2:33 PM | Mark as helpful |
Thierry -
From the other thread that had the same exact question:
"Third solution: Make sure your user compare is up to date (PFUD or equivalent), and use SUIM -> User -> Users by Complex Selection Criteria -> Profile "x" AND Profile "y" (choosing a profile that is unique to each role)."
Dave
From: Thierry Kennes via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Friday, April 30, 2010 2:37 AM
To: Dave Thornburgh
Subject: Re: [sap-security] Users with two opposite roles
Posted by Thierry Kennes (SAP BC Admin)
on Apr 30 at 6:23 AM Mark as helpful
This method does what I was looking for, but if anyone has a better way to
do it, via SUIM for example, it would be better.
Regards,
On Fri, Apr 30, 2010 at 11:33 AM, Thierry Kennes <tpkennes@gmail.com> wrote:
> Hi,
>
> just to let you know how I did this since I'm not familiar with Excel :)
>
> First, I changed the display by setting "ALV grid display" in SE16 -
> settings->user parameters->data browser.
>
> 1. I runned SE16 with table AGR_USERS, selected all users having Z_READ
> role (field AGR_NAME="Z_READ")
>
> 2. I openned a new session with SE16 with table AGR_USERS. Went to
> "Multiple selection" (yellow arrow on right) of field AGR_NAME and entered
> the role Z_WRITE on tabscript "Select Single Values" and entered Z_READ on
> tabscript "Excluse Single Values. I then went to "Multiple selection" of
> field UNAME and enter all users from p.1 (by copy/paste).
>
> By doing this, I get the list of users that shouldn't have that specific
> role (Z_WRITE).
>
>
>
> On Fri, Apr 30, 2010 at 9:59 AM, Thierry Kennes via sap-security <
> sap-security@groups.ittoolbox.com> wrote:
>
>>
>> Posted by Thierry Kennes (SAP BC
>> Admin)
>> on Apr 30 at 3:58 AM
>> Thank you all for your answer.
>>
>> I guess I will use excel to do that since I couldn't find anything within
>> SUIM.
>>
>> Regards,
>>
>> On Thu, Apr 29, 2010 at 7:32 PM, SAP_Secure via sap-security <
>> sap-security@groups.ittoolbox.com> wrote:
>>
>> > Posted by SAP_Secure(SAP NW Security Consultant)
>> > on Apr 29 at 1:34 PM
>> > Hi Thierry
>> >
>> > First I would execute PFUD to clean up any left over information from
>> > adds/removes for roles. Then if I remember correctly, I beleive that
>> SUIM
>> > has a report eother Users of Roles that you can enter an AND statement
>> hence
>> > "Select * where roles = 'Z_READ and Z_WRITE" .
>> >
>> > Good Luck
>> > Chris Sugg
>> >
>> > ---------------Original Message---------------
>> > From: Thierry Kennes
>> > Sent: Thursday, April 29, 2010 11:22 AM
>> > Subject: Users with two opposite roles
>> >
>> > > Hello,
>> > >
>> > > I'm looking for a way to find every users that has two opposite roles.
>>
>> > >
>> > > For example, for security reason, a same user cannot have Z_READ and
>> > Z_WRITE.
>> > >
>> > > How to find that list ?
>> > >
>> > > I tried by using SUIM > User > By role and filling the two roles, but
>> it
>> > gives a list of users having either Z_READ or Z_WRITE or BOTH. But what
>> I'd
>> > like is a list of users having at the same Z_READ AND Z_WRITE.
>> > >
>> > > Thanks
__.____._ From the other thread that had the same exact question:
"Third solution: Make sure your user compare is up to date (PFUD or equivalent), and use SUIM -> User -> Users by Complex Selection Criteria -> Profile "x" AND Profile "y" (choosing a profile that is unique to each role)."
Dave
From: Thierry Kennes via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Friday, April 30, 2010 2:37 AM
To: Dave Thornburgh
Subject: Re: [sap-security] Users with two opposite roles
Posted by Thierry Kennes (SAP BC Admin)
on Apr 30 at 6:23 AM Mark as helpful
This method does what I was looking for, but if anyone has a better way to
do it, via SUIM for example, it would be better.
Regards,
On Fri, Apr 30, 2010 at 11:33 AM, Thierry Kennes <tpkennes@gmail.com> wrote:
> Hi,
>
> just to let you know how I did this since I'm not familiar with Excel :)
>
> First, I changed the display by setting "ALV grid display" in SE16 -
> settings->user parameters->data browser.
>
> 1. I runned SE16 with table AGR_USERS, selected all users having Z_READ
> role (field AGR_NAME="Z_READ")
>
> 2. I openned a new session with SE16 with table AGR_USERS. Went to
> "Multiple selection" (yellow arrow on right) of field AGR_NAME and entered
> the role Z_WRITE on tabscript "Select Single Values" and entered Z_READ on
> tabscript "Excluse Single Values. I then went to "Multiple selection" of
> field UNAME and enter all users from p.1 (by copy/paste).
>
> By doing this, I get the list of users that shouldn't have that specific
> role (Z_WRITE).
>
>
>
> On Fri, Apr 30, 2010 at 9:59 AM, Thierry Kennes via sap-security <
> sap-security@groups.ittoolbox.com> wrote:
>
>>
>> Posted by Thierry Kennes (SAP BC
>> Admin)
>> on Apr 30 at 3:58 AM
>> Thank you all for your answer.
>>
>> I guess I will use excel to do that since I couldn't find anything within
>> SUIM.
>>
>> Regards,
>>
>> On Thu, Apr 29, 2010 at 7:32 PM, SAP_Secure via sap-security <
>> sap-security@groups.ittoolbox.com> wrote:
>>
>> > Posted by SAP_Secure(SAP NW Security Consultant)
>> > on Apr 29 at 1:34 PM
>> > Hi Thierry
>> >
>> > First I would execute PFUD to clean up any left over information from
>> > adds/removes for roles. Then if I remember correctly, I beleive that
>> SUIM
>> > has a report eother Users of Roles that you can enter an AND statement
>> hence
>> > "Select * where roles = 'Z_READ and Z_WRITE" .
>> >
>> > Good Luck
>> > Chris Sugg
>> >
>> > ---------------Original Message---------------
>> > From: Thierry Kennes
>> > Sent: Thursday, April 29, 2010 11:22 AM
>> > Subject: Users with two opposite roles
>> >
>> > > Hello,
>> > >
>> > > I'm looking for a way to find every users that has two opposite roles.
>>
>> > >
>> > > For example, for security reason, a same user cannot have Z_READ and
>> > Z_WRITE.
>> > >
>> > > How to find that list ?
>> > >
>> > > I tried by using SUIM > User > By role and filling the two roles, but
>> it
>> > gives a list of users having either Z_READ or Z_WRITE or BOTH. But what
>> I'd
>> > like is a list of users having at the same Z_READ AND Z_WRITE.
>> > >
>> > > Thanks
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
In the Spotlight
_.____.__ Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage