The SE03 transaction (Transport Organizer Tools) is certainly not a security-specific application. However, it provides at least one report which I find invaluable in managing security transports. The report lists all transports (modifiable/released) which contain a particular role.
We start with the initial screen for SE03 which is really a kind of cockpit to run various applications for transports.
We choose the report “Search for Objects in Requests/Tasks”, which takes us to the next screen. To search for roles, we enter a line with object type ACGR (Activity Group, which is old SAP terminology for role), check the relevant boxes as shown and click the execute button.
The output of the report displays all transports which contain the affected role.
Though we have used it here only to search for roles, we can search for any development object, such as programs, tables or org criteria, to ensure that the latest transports have all been moved to Production or that no unreleased transports for an object remain in the system.
Like the Data Browser (SE16) reviewed in the last article, Quickviewer (transaction SQVI) is a very useful tool for quick and dirty reporting through ad hoc queries. The advantage of Quickviewer is its ability to perform table joins, which lets us display data from multiple tables.
In the example below, we create a query to return the tcodes executable by an individual user. We name the query “Z_USER_TCODE” and use a table join as its data source.
On clicking the check button, we get to the design window shown below. We insert the three tables which we will be using for our report and graphically add the join conditions as shown below.
Once the data sources and join conditions are set up, we need to check the fields appearing in the selection and list output. We have the option of changing the field order of both the selection and list screens, or even the sort order of the resulting data.
We now save our query and click the execute button. In the example, we filter the query to return the tcodes for user “test_user”.
The output returns a list of tcodes that can be executed by the user and also the role which contains the tcode.
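The join behind such a query can be modelled outside SAP. The following is an added example, not taken from the original article: it assumes the three tables are AGR_USERS, AGR_TCODES and TSTCT (the article does not name them), uses constructed rows, and shows why the validity dates in AGR_USERS belong in the selection when the list is used for an access review.

```python
import sqlite3

# Constructed sample rows. SAP stores dates as YYYYMMDD strings.
AGR_USERS = [  # UNAME, AGR_NAME, FROM_DAT, TO_DAT (role assignments)
    ("TEST_USER", "Z_USER_ADMIN", "20230101", "99991231"),
    ("TEST_USER", "Z_OLD_BASIS", "20200101", "20211231"),  # expired
    ("OTHER_USER", "Z_USER_ADMIN", "20230101", "99991231"),
]
AGR_TCODES = [  # AGR_NAME, TCODE (transactions in the role menu)
    ("Z_USER_ADMIN", "SU01"), ("Z_USER_ADMIN", "SUIM"), ("Z_OLD_BASIS", "SE03"),
]
TSTCT = [  # SPRSL, TCODE, TTEXT (transaction texts, constructed)
    ("E", "SU01", "User Maintenance"),
    ("E", "SUIM", "User Information System"),
    ("E", "SE03", "Transport Organizer Tools"),
]

# Same shape as the graphical join: user -> role -> tcode -> text.
# The date condition is skipped when :on_date is NULL, which mimics
# leaving FROM_DAT / TO_DAT out of the selection screen.
QUERY = """
SELECT u.UNAME, u.AGR_NAME, t.TCODE, x.TTEXT
FROM AGR_USERS u
JOIN AGR_TCODES t ON t.AGR_NAME = u.AGR_NAME
LEFT JOIN TSTCT x ON x.TCODE = t.TCODE AND x.SPRSL = 'E'
WHERE u.UNAME = :uname
  AND (:on_date IS NULL OR :on_date BETWEEN u.FROM_DAT AND u.TO_DAT)
ORDER BY t.TCODE
"""

def load():
    """Build an in-memory copy of the three (assumed) tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE AGR_USERS (UNAME, AGR_NAME, FROM_DAT, TO_DAT)")
    db.execute("CREATE TABLE AGR_TCODES (AGR_NAME, TCODE)")
    db.execute("CREATE TABLE TSTCT (SPRSL, TCODE, TTEXT)")
    db.executemany("INSERT INTO AGR_USERS VALUES (?,?,?,?)", AGR_USERS)
    db.executemany("INSERT INTO AGR_TCODES VALUES (?,?)", AGR_TCODES)
    db.executemany("INSERT INTO TSTCT VALUES (?,?,?)", TSTCT)
    return db

def user_tcodes(db, uname, on_date=None):
    """Rows (user, role, tcode, text); on_date keeps only valid assignments."""
    return db.execute(QUERY, {"uname": uname, "on_date": on_date}).fetchall()

if __name__ == "__main__":
    db = load()
    print("no date filter:", user_tcodes(db, "TEST_USER"))
    print("valid on 20240601:", user_tcodes(db, "TEST_USER", "20240601"))
```

Without the date filter, SE03 is listed for the user through a role assignment that expired in 2021, which would overstate the user's current access.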
The User Information System (transaction SUIM) is a set of reports which allows security administrators to query user and authorization data. SUIM is all the more important since standard table maintenance transactions like SE16 are restricted for many users in productive systems.
The initial SUIM screen shows us all the defined reports from which we can select and execute the ones needed for our analysis. We can query for users, roles, profiles, authorizations, authorization objects as well as on the change documents for any of these objects.
We take an example report, “Roles by Complex Selection Criteria”, and search for roles with access to the transaction SU01 and the authorization object S_USER_GRP.
The query results show all roles which match the selection criteria.