Question:
Hi,
A user reported he had't got access to a tcode anymore. I want to identify when this happened and by who. It seems SUIM change documents can only show authorisations changes in terms of profile add or deletion, but not roles transported, right?
Then next questions is what is the best way to find it?
Thanks guys.
Answer:
Are you sure the transaction was actually taken from the user in some manner and not that the role containing the transaction doesn't need a User Comparison instead?
Answer:
Ask them which transaction they can no longer access and specifically the date they lost the access. Then check change documents on profiles to try to identify which role was changed on that date and if the t-code was removed. Also, they may have the t-code however are missing an underlying authorization object due to something that may have been removed or changed within profile.
Go to suim and run the report which shows all the transactions available for that user and see if they have the t-code.
Then there is the other scenario (which does happen) in that the person is not being truthful and they are trying to get around regular processes to get access to something and they never actually had the access to begin with. Generally if you run all the required reports and produce the proof they may simply apply to get that access via the proper channels.
Hope this helps
Answer:
We also had an incident recently in which support pack #48 for basis was applied (on 4.6C system) and it caused some problems in which users lost some roles and also a comparison or PFUD was required to be run everytime a role was applied to a user. Check to see if any new hotpack had been applied recently as this may also have caused a problem for you.
Answer:
We also had an incident recently in which support pack #48 for basis was applied (on 4.6C system) and it caused some problems in which users lost some roles and also a comparison or PFUD was required to be run everytime a role was applied to a user. Check to see if any new hotpack had been applied recently as this may also have caused a problem for you.
Answer:
thanks Guys.
The user cannot remember when because it is a tcode used not very often.
I am also interested in knowing what is the best way to check it out in this situation. we have table logging turned on. But not sure which table would have such information.