Do Some Authorization Detective Work with the User Information System

  • by Tero Tukiainen, SAP Authorizations Consultant, SAPORT Consulting
  • June 10, 2009
Learn how to create, implement, and maintain a solid authorizations concept using transaction SUIM.
Key Concept

You can use transaction SUIM (user information system) to verify different authorizations-related functionalities. It can verify authorizations assigned to a specific user or multiple users. SUIM can also verify contents of roles and compare authorizations of two user IDs or two roles. For example, say two users within the same team have exactly the same authorizations. One user can complete all her tasks, yet the other user is getting error messages about missing authorizations. You can run a comparison to verify whether there are any differences between the user IDs and specify what the differences are.

Transaction SUIM (user information system) can help you create and implement a solid authorizations concept, thus protecting your system from possible misuse. After you have defined the critical authorizations or combinations, you can generate multiple reports on roles and authorizations for monitoring purposes. This enables solid Sarbanes-Oxley and auditing compliance because by running the reports you can verify that all users have the correct authorizations at all times.

I’ll highlight transaction SUIM’s use for three example reports. I chose these three because they are all needed for monitoring purposes:

  • Critical authorizations (such as access to salary data or access to a Social Security number)

  • User IDs that have not been used in a long time

  • Passwords that either have never been changed or haven’t been changed in a long time

Tero Tukiainen

Tero Tukiainen is the managing partner of SAPORT Consulting Inc, which he founded in 2009. He is an SAP HR-certified consultant who has specialized in SAP security and authorizations since 2000. Tero has spoken at SAP HR conferences in both Europe and the US since 2005.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.