HOW-TO Use SAP SUIM OR RSUSR008_009_NEW t Analysing Critical Authrisatins Len Ye Cntents Preface... 2 Access the Prgram... 2 Analysing Users with Critical Authrisatins... 3 Defining Critical Authrisatins... 3 Create a variant... 7 Execute the reprt variant with critical authrisatins.... 8
Preface SAP upgraded SUIM (User Infrmatin System) which runs prgram RSUSR008_009_NEW as f SAP Web AS 6.20 with the fllwing Supprt Packages: SAP Web AS 6.20, as f SAPKB62039 SAP Web AS 6.40, as f SAPKB64003 Access the Prgram Transactin SUIM Chse User With Critical Authrisatins OR, Use transactin SA38 Use Prgram RSUSR008_009_NEW. Bth brings the fllwing screen up
Analysing Users with Critical Authrisatins Yu need first define critical authrisatins and then cmbine the critical authrisatins int a variant then yu run the variant. Defining Critical Authrisatins Chse n the initial screen. A dialg bx appears: On the left side Dialg Structure it displays fur flders, which frm tw hierarchies: Variants fr Critical Authrisatins Critical Authrisatins Critical Authrisatin Authrisatin Data Duble click the Critical Authrisatin flder and chse Then yu can enter the Critical Authrisatin IDs r cpy frm a spread-sheet (see the user cntributed dcumentatin under ISACA SAP tpic). The fllwing screen is based n the cpied infrmatin frm the SAP Critical Authrisatins. Please nte that the clur draw dwn can nly be manually chsen ne by ne.
Save yur entries. Duble click the Authrisatin Data flder. A new view appears. Chse New Entries. Fill ut all required fields, with an asterisk (*). Nte the fllwing when filling ut the fields: All entries within a grup must have the same perand AND r OR. The individual grups are essentially linked with AND. An OR link is nt
allwed (errr messages will be shwn when yu run the variant later. Yu can fix any errrs then). Yu can specify critical data fr different authrisatin bjects within the same grup. If yu specify a transactin cde fr an ID, all authrisatin data required t execute the transactin and maintained in transactin SE93 is autmatically entered as critical data, after yu have cnfirmed and saved the dialg bx. If yu leave the Frm field empty, the prgram searches fr authrisatins with spaces fr the specified field and bject. If yu enter an asterisk (*) in the Frm field, the reprt searches fr full authrisatin fr the specified field. Any errrs in the Authrisatin Object fields will be picked up as it will nt allw yu t enter an bject r value it des nt exist, but fr Transactins the system cannt prevent yu t put in a nn-exist TCODE. Individual entries cannt be put int the change request, has t be put in as NEW ENTRIES. Example f ZSOS0002
The example abve was cpied frm the spreadsheet: Save yur entries.
Create a variant. Open the flder Variants fr Critical Authrizatins, and then chse New Entries. Enter the name and descriptin f the variant. Enter r cpy the Authrisatin ID and Text int the New Entries The abve IDs were cpied frm:
Save yur entries. Execute the reprt variant with critical authrisatins. On the initial screen f the reprt
Chse Fr Critical Authrisatins Use the input help t select an existing variant, and chse Execute. Yu can als define a reprt variant, fr example, the abve screen sht shws the user grup excluded TERMINATED and ther user grups which may nt be relevant t yur analysis.
Yu can use SUIM r reprt RSUSR008_009_NEW t cmbine the IDs fr critical authrisatins in any way, and t create variants with these cmbinatins, fr example fr segregatin f duties purpses. Samples segregatin f duties fr business cycles and system securities will be published next year. Relevant dcuments already published n ISACA SAP Tpic include Hw-t SAP Security Optimisatin Self-service SAP SOS Sample Reprt SAP Critical Authrisatins