There are a number of evaluation options available to you using the Users node. These are explained below.
Evaluation Options for the Users Node
Cross-System Information
You can only perform these evaluations in the central system of a Central User Administration (CUA). This also means that you can only use these reports if you are using a CUA. The procedure is explained using an example of Users by System.
· Users by System (RSUSR_SYSINFO_ZBV)
To, for example, display the list of users on a child system, follow the procedure below:
a. Start the user information system (transaction SUIM) in the central system of the central user administration.
b. Expand the nodes Users and Cross-System Information (Central User-Administration).
c. Choose the Execute option next to Users by System.
d. You now have the following options:
§ To determine the CUA systems in which a certain user exists, enter the name of the user, and then choose Execute.
§ To determine all or some of the users in one or more CUA systems, either enter the user name only a placeholder or some of the name and the placeholder, such as FER*.
The result list appears. Depending on your selection, the user names and receiving systems are displayed as well as the last outbound Idoc number of the respective user master record.
For the reports Users by Role and Users by Profile, you can restrict the selection further:
· Users by Role (RSUSR_SYSINFO_ROLE)
You can additionally restrict the selection using the name and validity of the role assigned to the user: all roles that exist and that are valid today or during a particular time period.
Users by Profile (RSUSR_SYSINFO_PROFILE)
You can also restrict the selection using the names of the profiles assigned to the user. For example, to find all users with the profile SAP_ALL in all child systems, enter SAP_ALL in the Profile field and choose Execute.
Users by Address Data (RSUSR002_ADDRESS)
You perform the procedure for evaluating with the same generic input options (placeholder asterisk and multiple selection). To obtain a result, the corresponding criteria, such as room, must be maintained in the user data.
Users by Complex Selection Criteria (RSUSR002)
This evaluation provides a total screen Users by Complex Selection Criteria on which subordinate selection criteria that can also be used directly (such as by user name, by role, by authorization values) are combined. To obtain users, restrict the selection by entering data in the fields. If you execute the report without making any entries, all users of the current system are displayed.
To compare, for example, the master records of two users at the level of authorization for an object, follow this procedure:
...
1. In your SAP System, open two session to perform the procedure in parallel for both authorization objects to be compared.
2. In the user information system, choose Users ® Users by complex selection criteria ® by user ID, or execute report RSUSR002 using transaction SA38.
3. Enter the user name in the user field and choose Execute.
4. Choose Execute.
5. By double clicking the user name, you can display the list for the user.
6. Select the first node <user name>, and choose Select/Expand Subtree.
The Restrict User Values to the Following Simple Profiles and Auth. Objs screen appears.
7. Specify the authorization object to be compared, such as F_BKPF_BUK, and choose Execute.
In the hierarchy display of the user master record, all branches that contain authorizations for the selected object are expanded.
By critical combinations of authorizations at transaction start (RSUSR008)
This evaluation allows you to monitor task separation. It lists all users that simultaneously have authorizations for up to five transactions whose combination was rated as critical. The authorization object S_TCODE is checked.
You can use the Display Critical Combinations button to activate or deactivate the SAP proposals for each line in the Deletion Indicator column , by choosing inactive or SAP Proposals.
You can also permanently restrict the evaluation by critical combinations. To do this, choose the change button Crit.Comb. to call the table of combinations and delete or change table rows as required. However, you can only import SAP proposals again during the next upgrade.
With incorrect logon attempts (RSUSR006)
This evaluation is started immediately without additional selection criteria when you choose Execute in the User Information System. The result list displays all users with incorrect logon attempts:
· Number of incorrect logon attempts (users that are not locked)
· Users locked due to incorrect logon attempts
· Users locked by administration
· Users locked globally in the central system (if you are using CUA)
· Users locked locally and globally by the administration (if you are using CUA)
This evaluation also displays the date and time of the last logon.
By logon date and password change (RSUSR200)
You can determine the date of the last logon and whether the user in question has changed his or her initial password. To do this, use either a variant with predefined selection criteria (Get Variant) or specify selection criteria yourself (with multiple selection and generic input). The selection criteria Days since last logon and Days since password change means that at least the specified number of days have passed since the last logon or password change.
The entries in the Last Change and Password Changed columns of the result list mean the following:
Last Change
Row | Explanation |
unused | The has not yet logged on to this system. |
with date and time | The user last logged on at the specified date and time. |
Password Changed
Row | Explanation |
| The password is initial; that is, the user has not yet changed it. |
with date | The user changed his or her password on the specified date. |
with date | The user has not logged on to the system again since the administrator changed the password. |
inactive | The password has been deactivated. |
To change a user in the result list, select it and choose Select. The user maintenance transaction (transaction SU01) appears.
With critical authorizations (RSUSR009)
You can restrict the evaluation by critical combinations by choosing the change button Crit.Comb. to call the table of combinations and deleting or changing table rows as required.
If you want to evaluate the proposals delivered by SAP for critical authorizations again, choose the Proposals button. Note that this overwrites the existing proposals.
Do not user both of the operators AND and OR in a single identifier. Otherwise, the result list is incorrect.
...
1. Start the user information system (transaction SUIM).
2. Expand the nodes User and Users by Complex Selection Criteria.
3. Choose the option Execute next to List of Users with Critical Authorizations.
4. Choose Crit.Auth.
The Entry of Critical Authorizations for Report RSUSR009 view appears, on which you can enter the critical authorizations in a table.
The table contains the following columns:
¡ ID: Name of the authorization objects link
¡ Object: Name of the authorization object
¡ Field name: Name of the authorization field (optional entry, without which, the system searches only in the user master records for the authorization object)
¡ From: First authorization value (optional entry, without which, the system searches only in the user master records for the authorization object)
¡ to: Last authorization value (optional entry, without which, the system searches only in the user master records for the authorization object)
¡ AND/OR: Link type
¡ Text for critical auth.: Text that is displayed in the result list.
¡ Color: 1 = red, 2 = white, 3 = yellow, 4 = purple, 5 = green, 6 = red, 7 = orange
5. Choose Back and Execute.
No comments:
Post a Comment