SE03 – Objects in Transports

The SE03 transaction (Transport Organizer Tools) is certainly not a security specific application. However it provides at least one report which I find to be invaluable in managing security transports. Basically the report provides all transports (modifiable/ released) which contain a particular role.

We start with the initial screen for SE03 which is really a kind of cockpit to run various applications for transports.

SE03 - Transport Organizer Tools
SE03 - Transport Organizer Tools

We chose the report “Search for Objects in Requests/Tasks” which gets us to the next screen. To search for roles we need to enter a line with object type ACGR (Activity Group which is old SAP terminology for role), check the relevant boxes as shown and click the execute button.

SE03 - Search for Objects in Transports
SE03 - Search for Objects in Transports

The output of the report display all transports which contained the affected role.

SE03 - Search for Objects in Transports Report
SE03 - Search for Objects in Transports Report

Though we have just used it for search for roles, we can search for any development objects like Programs, Tables, Org Criterions to ensure that the latest transports are all moved to Production or that no unreleased transports for an object remains in the system.

Security Tables

The names of most Security tables begin with USR, AGR or UST. Here are a few of the most common ones

  • USR02 – Users with logon data
  • USR04 – Users by authorization profile assignment
  • USR05 – Users by user parameters
  • USR10 – Profiles with authorizations
  • ARR_1251 – Authorization data for roles
  • AGR_1252 – Organizational data for roles
  • AGR_USERS – Roles assigned to users
  • AGR_PROF – Profiles defined for roles
  • AGR_HIER – Menu for a role
  • AGR_TIME – Change date/time for a role

SQVI – Quickviewer

Like the Data Browser (SE16) reviewed in the last article, Quickviewer (transaction SQVI) is very useful tool for quick and dirty reporting through Adhoc Queries. The advantage of using Quickviewer is it ability to perform table joins enables us to display data from multiple tables.

In the example below, we create a query to return the tcodes executable by an indivdual user. We name the query “Z_USER_TCODE” using table join.

SQVI - Initial Screen
SQVI - Initial Screen
SQVI - Query Definition
SQVI - Query Definition

On clicking the check button, we get to the design window shown below. We insert the three tables which we will be using for our report and add graphically add the join conditions as shown below.

SQVI - Join Conditions
SQVI - Join Conditions

Once the data sources and join conditions are set up, we need to check the fields appearing in the selection and list output. We have the option or changing the field order of both the selection and list screens or even the sort order of the resulting data.

SQVI - Selection & List Fields
SQVI - Selection & List Fields

We now save our query and click the execute button. In the example, we filter the query to return the tcodes for user “test_user”.

SQVI - Query Selection Screen
SQVI - Query Selection Screen

The output returns a list of tcodes that can be executed by the user and also the role which contains the tcode.

SQVI - List Output
SQVI - List Output

User Information System

The User Information System (transaction SUIM) is a set of reports on user-authorization data which allows security administrators to query on authorization data . SUIM is all the more important since standard table maintenance transactions like SE16 are restricted from many users in productive systems.

The initial SUIM screen shows us all the defined reports from which we can select and execute the ones needed for our analysis. We can query for users, roles, profiles, authorizations, authorization objects as well as on the change documents for any of these objects.

SUIM - Initial Screen
SUIM - Initial Screen

We take an example report, “Roles by Complex Selection Criteria” and search for roles with access to the transa ction SU01 and the authorization object S_USER_GRP.

SUIM - Roles by Complex Selection Criteria
SUIM - Roles by Complex Selection Criteria

The query results show all roles which match the selection criteria.

SUIM - Query Result
SUIM - Query Result