Show TOC

Analyzing Users with Critical AuthorizationsLocate this document in the navigation structure

With the following procedure, you first define critical authorizations and the associated authorization data. You then combine the critical authorizations into a variant with which you then perform the evaluation.


  1. Start the report in the User Information System (transaction SUIM) by choosing Start of the navigation path Users Next navigation step With Critical Authorizations End of the navigation path.
  2. To maintain critical authorizations, choose Critical Authorizations on the initial screen.

    A dialog box appears that displays four folders, which form two hierarchies:

    • Variants for Critical AuthorizationsCritical Authorization
    • Critical AuthorizationAuthorization Data

      The Critical Authorization folder consists of the IDs of critical authorizations. Each ID contains a list with critical data. The IDs are used to define report variants.

  3. In change mode, open the Critical Authorization folder in the lower hierarchy by double-clicking it, and choose New Entries.
  4. Specify the following data in the table control:
    • The name of the ID in accordance with the naming convention (customer namespace)
    • A text
    • The color in the result list
    • The transaction code, if required
  5. Save your entries.
  6. To maintain the authorization data, select the entry that you have just created and open the Authorization Data folder by double-clicking it.
    1. Choose New Entries.
    2. Fill out all required fields, which are identified with an asterisk (*).

      Note the following when filling out the fields:

      • All entries within a group must have the same operand AND or OR. The individual groups are essentially linked with AND. An OR link is not possible.
      • You can specify critical data for different authorization objects within the same group.
      • If you specify a transaction code for an ID, all authorization data required to execute the transaction and maintained in transaction SE93 is automatically entered as critical data, after you have confirmed and saved the dialog box.
      • If you leave the From field empty, the program searches for authorizations with spaces for the specified field and object. If you enter an asterisk (*) in the From field, the report searches for full authorization for the specified field. (See SAP Notes 216557 Information published on SAP site and 674212 Information published on SAP site.)
    3. Save your entries.
  7. Create a variant.
    1. Double-click the folder Variants for Critical Authorizations, and then choose New Entries.
    2. Enter the name and description of the variant.
    3. Save your entries.
  8. Assign the IDs of critical authorizations to the variant that you have just created.
    1. Select the variant and double-click the Critical Authorization folder under the Variants for Critical Authorizations folder.
    2. Choose New Entries.
    3. Use the input help to choose existing IDs.
    4. Save your entries.
  9. Execute the report variant with critical authorizations.
    1. Select the initial screen of the report, choose the option For Critical Authorizations under Name of the Variant.
    2. Use the input help to select an existing variant, and choose Execute.
    The users identified for each ID are displayed by the program in the result list.