You can use the User Information System (transaction SUIM) to obtain an overview of the authorizations and users in your SAP system at any time using search criteria that you define. In particular, you can display lists of users to whom authorizations classified as critical are assigned.
To explicitly search for authorizations that contain the full authorization asterisk (*), you need to enter a number sign (#) before the asterisk, that is, search for #*. Otherwise, the system searches for any values.
You can also use the User Information System to:
● Compare roles and users
● Display change documents for the authorization profile of a user
● Display the transactions contained in a role
● Create where-used lists
We recommend that you regularly check the various lists that are important for you. Define a monitoring procedure and corresponding checklists to make sure that you continually review your authorization plan.
We especially recommend you determine which authorizations you consider critical and regularly review which users have these authorizations in their profiles.
The possible evaluations are described in the following sections:
● Determining Users with the Users Node
● Determining Roles, Profiles, Authorizations, and Authorization Objects
● Comparing Cross-System Users, Authorizations, Roles, and Profiles
● Creating Where-Used Lists for Profiles
● Creating Where-Used Lists for Authorization Objects
● Creating Where-Used Lists for Authorizations
● Creating Where-Used Lists for Authorization Values
● Determining Change Documents