Report RSUSR009 is obsolete and has been replaced by report RSUSR008_009_NEW. You can start this report in the User Information System by choosing Users ® With Critical Authorizations (New Version).
You can use this report to determine the users that have critical combinations of authorizations, as defined in table USKRIA.
A table entry consists of the specification of an authorization object with field name and field value. The entries are combined using a common four-character ID and the logical linking operators AND or OR.
Example of an Entry Schema
ID |
Object |
Field |
From |
To |
AND/OR |
Text For |
Color |
ZT01 |
S_TABU_DIS |
ACTVT |
02 |
03 |
AND |
Combination1 |
1 |
ZT01 |
S_TABU_DIS |
DICBERCLS |
PSNO |
|
AND |
|
1 |
ZT01 |
S_TCODE |
TCD |
SU01 |
|
AND |
|
1 |
In the above example, a user is displayed in the result list if all three authorizations are contained in his or her user master record. Critical combinations for the same object must exist in the same authorization (see SAP Note 674212). If the linkage OR was used instead of AND, the user would be displayed in the result list if he or she had only one of the three authorizations in his or her user master record.
You can call the maintenance dialog for creating and changing entries in table USKRIA both on the initial screen and from the result list of the report.
· Within one ID, use only uniform and completely entered linking operators (exclusively AND or exclusively OR).
· There is no input help available for entering authorization objects, fields, and field values.
· You can copy the defaults delivered by SAP (again) by choosing SAP Default (Control and F3).
When you do so, you overwrite all previously maintained entries.
· Table USKRIA is a cross-client table. This means that you cannot maintain this table in systems that are locked for cross-client Customizing. In this case, you must deliver the data by transport from the development system.
You can restrict the evaluation by critical combinations by choosing the button Change Crit.Comb. to call the table of combinations and deleting or changing table rows as required.
...
1. Start the user information system (transaction SUIM).
2. Expand the Users node.
3. Choose the option Execute next to List of Users with Critical Authorizations.
4. Choose Change Crit. Comb..
The Entry of Critical Authorizations for Report RSUSR009 view appears, on which you can enter the critical authorizations in a table. You can also call this screen from the result list by choosing Change Crit. Auth..
5. You can delete the existing combinations or add new combinations by choosing New Entries.
6. To create new combinations, enter the required data. For more information, see the above example.
Data of a Critical Authorization
Field |
Comment |
ID |
Name of the authorization objects link |
Object |
Name of the authorization object |
Field Name |
Name of the authorization field. Optional specification, without which, the system searches in the user master records only for the authorization object. |
From |
First authorization value. Optional specification, without which, the system searches in the user master records only for the authorization object. If you leave the From field empty, the program searches for authorizations with spaces for the specified field and object (see SAP Note 674212). If you enter an asterisk (*) in the From field, the report searches for full authorization for the specified field. For fields with fixed values, the report searches for authorizations that contain all possible fixed values and displays the users to which authorizations of this type are assigned. |
To |
Last authorization value. Optional specification, without which, the system searches in the user master records only for the authorization object. |
AND/OR |
Linkage type |
Text for Critical Authorizations |
Enter a short text to explain the critical combination in the Text for Critical Authorizations field of the first entry of each ID. This text is displayed in the result list after the report has been executed. Any texts that are not in the first entry are not taken into account. |
Color |
You can assign any critical combination a number from 1 to 7 in the Color field to define the background color of the ID in the result list. The numbers correspond to the following colors: Color: 1 = blue, 2 = white, 3 = yellow, 4 = turquoise, 5 = green, 6 = red, 7 = purple The color code only takes effect if you maintain it completely for all entries of the ID, and all entries are identical. The default setting is red. |
7. Save your entries in a transport request.
8. Choose Back and Execute.
The system displays a list of all users that have the combination of authorizations for which you are searching.