Question: If I run a query on 8th of September in SUIM looking for users which have e.g. access to S_TCODE SU01. This TCODE is only covered by role 1 with the end date 31.12.2009.

Answer: Yes, it will still show up, as the role is still assigned - the profile, however, is no longer assigned. That is assuming that you are running the user compare job on a periodic basis.

Further which of the following is best practice or preferred when a user changes function:
1. Delete the role that the user does not need anymore or
2. Put an end date for the role that is not needed anymore.

I would go with 1, as leaving the roles there makes the reporting a lot more messy as you mention. From a risk point of view, there isn't really any.

SUIM shows you the right answer, but are you asking the right question? ;-)

/henrik

On 8 September 2010 12:59, asifali via sap-security <sap-security@groups.ittoolbox.com> wrote:

> Posted by asifali (BBA RE CIA CISA)
> on Sep 7 at 11:01 PM
>
> SAP Gurus,
>
> I have a question regarding the working of SUIM. Let's say you have the
> following hypothetical situation.
>
> User: KLM1234
> User Validity: 31.12.9999
> Roles (1): Z_Tasks_for_administrator => Role validity till 31.12.2009
> Roles (2): Z_Reporting_For_Finance => Role validity till 31.12.9999
>
> Question:
> If I run a query on 8th of September in SUIM looking for users which have
> e.g. access to S_TCODE SU01. This TCODE is only covered by role 1 with the
> end date 31.12.2009.
>
> Will SUIM report the user even if the role has an end date which has passed
> (31.12.2009)?
>
> Further which of the following is best practice or preferred when a user
> changes function:
> 1. Delete the role that the user does not need anymore or
> 2. Put an end date for the role that is not needed anymore.
>
> I myself have preferences for option 1, considering that somebody working
> for a company for 20 years and changing jobs every 3/4 years, option 2 would
> be from maintenance and risk perspective less desirable. Further considering
> SUIM it may result in not accurate results.
>
> Waiting for your reply!
>
> Kind Regards,
> Asif

Copyright © 2010 Toolbox.com and message author.
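An added example, not part of the original thread: a small Python check that separates "role is assigned" from "role assignment is valid on the report date" for the scenario discussed above, and lists expired assignments as cleanup candidates. The rows are constructed sample data; the from-dates and the finance role's transaction code are assumptions, and only the user, role names, end dates and SU01 come from the thread.

```python
from datetime import date

# Constructed sample rows: (user, role, valid_from, valid_to).
# The valid_from dates are assumptions; the thread gives only end dates.
ASSIGNMENTS = [
    ("KLM1234", "Z_Tasks_for_administrator", date(2009, 1, 1), date(2009, 12, 31)),
    ("KLM1234", "Z_Reporting_For_Finance", date(2009, 1, 1), date(9999, 12, 31)),
]

# Constructed role -> S_TCODE values. Only SU01 in role 1 is from the thread;
# ZFIN_PLACEHOLDER is a placeholder, not a real transaction.
ROLE_TCODES = {
    "Z_Tasks_for_administrator": {"SU01"},
    "Z_Reporting_For_Finance": {"ZFIN_PLACEHOLDER"},
}


def users_with_tcode(tcode, on_date, assignments=ASSIGNMENTS, role_tcodes=ROLE_TCODES):
    """Return (assigned, effective, expired) for one transaction code.

    assigned  - users holding any role that contains the tcode, dates ignored
    effective - users whose such assignment is valid on on_date
    expired   - (user, role, valid_to) rows whose end date has passed
    """
    assigned, effective, expired = set(), set(), []
    for user, role, valid_from, valid_to in assignments:
        if tcode not in role_tcodes.get(role, set()):
            continue
        assigned.add(user)
        if valid_from <= on_date <= valid_to:
            effective.add(user)
        elif valid_to < on_date:
            # Still assigned but past its end date: candidate for removal.
            expired.append((user, role, valid_to))
    return assigned, effective, expired


if __name__ == "__main__":
    assigned, effective, expired = users_with_tcode("SU01", date(2010, 9, 8))
    print("assigned (dates ignored):", sorted(assigned))
    print("effective on report date:", sorted(effective))
    for user, role, valid_to in expired:
        print(f"expired assignment: {user} {role} ended {valid_to.isoformat()}")
```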