On the SU01 user maintenance screen there is a nice tab to capture documentation for that user. But how to list all documentation for all users?
List of all user documentation
To get the user documentation listing program, apply OSS note 3113345 – SUIM | Reporting for User Documentation. This will deliver program SUIM_SHOW_USDOCU:
Run the program for your selection to get the result list:
Click on a documentation line to see all the history.
SUIM is like a swiss knife for the authorization consultant. It has so many reporting tools it can basically answer any question.
Questions that will be answered in this blog are:
- What are the most useful tools in SUIM?
- How can I list users that never logged on to the system?
- How can I list users that are locked, or have password issues?
- How can I list users with critical authorizations?
The SUIM tool is started with transaction SUIM:
Here you can select the reports from the different categories.
Most useful SUIM reports
In the subsections below you can find the most useful and most used SUIM reports.
Actual user columns are hidden in the examples below for privacy protection.
User with logon data and password change
Query need: to list when users did logon for the last time and when they last changed their password. This query can be very useful when you have to clean up for the yearly license measurement.
In SUIM select this report:
Example result screen:
Check on users with specific authorization value
One of the most used SUIM reports is to list which users have a specific authorization value:
In this example we will lookup users which have rights for debugging (object S_DEVELOP, value DEBUG):
On the result list you can see all users. Select the user you are interested in and select the button In Accordance with Selection to find out which role has the specifically requested authorization object:
Result can be multiple roles as well:
Remark: there are 3 single roles here which contain the object. The 3 roles are in 1 composite role that is assigned. That is why the number on top shows 1 roles and there are 3 detail lines.
Check on most common critical authorizations
SUIM has a nice check program to check on the most common critical authorizations:
You can select the default SAP variant and use display variant to see the list of checks:
Open the checks to see the details:
The result list can have many potential issues:
You again use the button In Accordance with Selection to find out which role is cause of the potential issue.
Be careful with the reporting of the numbers. A lot of managers cannot deal with the high amount reported. 'It is unbelievable that I have 91.493 critical authorization issues in my system!'. Most of the issues are simple to fix and bring the numbers down dramatically. Or some of the items are not relevant in your situation. Always handle the numbers with care.
SUIM is constantly being improved. There are many small bug fix OSS notes. Don’t be scared off by the length of the list. SUIM is a very large function. So it will have many OSS notes.
Bug fix notes to consider: