Start of Content Area

Procedure documentation With Critical Authorizations (RSUSR009)  Locate the document in its SAP Library structure

Use

Note

Report RSUSR009 is obsolete and has been replaced by report RSUSR008_009_NEW. You can start this report in the User Information System by choosing Users ® With Critical Authorizations (New Version).

You can use this report to determine the users that have critical combinations of authorizations, as defined in table USKRIA.

A table entry consists of the specification of an authorization object with field name and field value. The entries are combined using a common four-character ID and the logical linking operators AND or OR.

Example of an Entry Schema

ID

Object

Field

From

To

AND/OR

Text For

Color

ZT01

S_TABU_DIS

ACTVT

02

03

AND

Combination1

1

ZT01

S_TABU_DIS

DICBERCLS

PSNO

 

AND

 

1

ZT01

S_TCODE

TCD

SU01

 

AND

 

1

In the above example, a user is displayed in the result list if all three authorizations are contained in his or her user master record. Critical combinations for the same object must exist in the same authorization (see SAP Note 674212). If the linkage OR was used instead of AND, the user would be displayed in the result list if he or she had only one of the three authorizations in his or her user master record.

You can call the maintenance dialog for creating and changing entries in table USKRIA both on the initial screen and from the result list of the report.

Notes on Maintaining Critical Authorizations

·        Within one ID, use only uniform and completely entered linking operators (exclusively AND or exclusively OR).

·        There is no input help available for entering authorization objects, fields, and field values.

·        You can copy the defaults delivered by SAP (again) by choosing SAP Default (Control and F3).

Caution

When you do so, you overwrite all previously maintained entries.

·        Table USKRIA is a cross-client table. This means that you cannot maintain this table in systems that are locked for cross-client Customizing. In this case, you must deliver the data by transport from the development system.

Procedure

You can restrict the evaluation by critical combinations by choosing the button Change Crit.Comb. to call the table of combinations and deleting or changing table rows as required.

...

       1.      Start the user information system (transaction SUIM).

       2.      Expand the Users node.

       3.      Choose the option Execute next to List of Users with Critical Authorizations.

       4.      Choose Change Crit. Comb..

The Entry of Critical Authorizations for Report RSUSR009 view appears, on which you can enter the critical authorizations in a table. You can also call this screen from the result list by choosing Change Crit. Auth..

       5.      You can delete the existing combinations or add new combinations by choosing New Entries.

       6.      To create new combinations, enter the required data. For more information, see the above example.

Data of a Critical Authorization

Field

Comment

ID

Name of the authorization objects link

Object

Name of the authorization object

Field Name

Name of the authorization field. Optional specification, without which, the system searches in the user master records only for the authorization object.

From

First authorization value.

Optional specification, without which, the system searches in the user master records only for the authorization object.

If you leave the From field empty, the program searches for authorizations with spaces for the specified field and object (see SAP Note 674212).

If you enter an asterisk (*) in the From field, the report searches for full authorization for the specified field.

For fields with fixed values, the report searches for authorizations that contain all possible fixed values and displays the users to which authorizations of this type are assigned.

To

Last authorization value.

Optional specification, without which, the system searches in the user master records only for the authorization object.

AND/OR

Linkage type

Text for Critical Authorizations

Enter a short text to explain the critical combination in the Text for Critical Authorizations field of the first entry of each ID. This text is displayed in the result list after the report has been executed.

Any texts that are not in the first entry are not taken into account.

Color

You can assign any critical combination a number from 1 to 7 in the Color field to define the background color of the ID in the result list. The numbers correspond to the following colors:

Color: 1 = blue, 2 = white, 3 = yellow, 4 = turquoise, 5 = green, 6 = red, 7 = purple

The color code only takes effect if you maintain it completely for all entries of the ID, and all entries are identical. The default setting is red.

       7.      Save your entries in a transport request.

       8.      Choose Back and Execute.

Result

The system displays a list of all users that have the combination of authorizations for which you are searching.

 

End of Content Area