RE:[sap-security] SUIM RSUSR002 And vs. Or ECP 6.0
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by Jerry_Ake (Audit Project Leader) on Apr 29 at 10:41 AM |  Mark as helpful |
Hi, Mike. i'm an IT auditor and had posed this same question to our SAP security person recently. i had been looking for users who have certain transactions within an authorization object. The results showed users that had the trans and the auth object, but the trans were not linked to the authorization. The suggested solution was to use SUIM to identify "Roles by complex selection criteria" and "Selection according to authorization values". This choice specifically says "AND". I put the the authorization object of interest (e.g., S_IMG_ACTV) in Object 1, S_TCODE in Object 2, hit "Entry Values", added appropriate values ("02" under ACTVT for S_IMG_ACTV and "SPRO" under S_Tcode) and executed. The resulting screen shows roles, but you can use the User Assignment button (shift F10) to identify the users. This worked well for me since the results showed few roles and users. i haven't explored what to do to make this less labor intensive if there were many roles/users. I'd probbaly use ACL's DirectLink to join appropritate tables. Hope this helps.
---------------Original Message---------------
From: Mike Garofalo
Sent: Thursday, April 29, 2010 9:32 AM
Subject: SUIM RSUSR002 And vs. Or ECP 6.0
> When using the SUIM report "Users by Complex Selection", I am trying to find user accounts that are assigned to roles A AND B. The results I'm receiving appear to be all users with roles A OR B. Is there some way to change the operator from OR to AND?
>
> Thanks
> Mike.
__.____._ ---------------Original Message---------------
From: Mike Garofalo
Sent: Thursday, April 29, 2010 9:32 AM
Subject: SUIM RSUSR002 And vs. Or ECP 6.0
> When using the SUIM report "Users by Complex Selection", I am trying to find user accounts that are assigned to roles A AND B. The results I'm receiving appear to be all users with roles A OR B. Is there some way to change the operator from OR to AND?
>
> Thanks
> Mike.
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
In the Spotlight
Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
_.____.__ 
