Problem
The easiest way to check a role in the SAP system is to use the transaction SUIM (SAP User Information System).
During security audits or tests, it may be necessary to obtain active user IDs, roles, profiles, and change documents. Getting this data means running many reports in the ABAP system, for example the RSUSR002 report for selecting users by complex criteria. Nobody can remember all the reports, so SAP makes them all available from one transaction, SUIM.
Step by step instructions
On the initial screen of the transaction, the options are grouped by users, roles, profiles, authorizations, authorization objects, transactions, comparisons, lists, and change documents.
1. User node
The user node lists users according to the selection criteria, i.e. we can get blocked applications, users who have certain roles, profiles or address data, users who have access to a certain transaction, etc.
2. The role node can be used to search for roles and profiles as it contains the transactions necessary to perform a specific job.
3. It also allows you to search for roles by transaction assignment in SUIM.
It allows you to find a role that contains authorizations to execute a transaction and sort roles by name, assignment, and different selection conditions.
4. Transaction node
Allows you to search for transactions in specific roles. It can also be used for users: when you select the “Executable for User” selection criterion, the system displays a list of transactions that can be used by a given user, along with the assigned roles.
The transaction allows you to find roles according to many criteria. Start from the information you already have, such as the assigned role of user X; you can then also compare the roles of user Y and user X in the “Comparisons” node.
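The following Python sketch is an added example, not SAP code or part of the original article. It shows offline the three lookups described above (roles by transaction, transactions executable for a user with the granting roles, and a role comparison of user X and user Y). The role names, users, transaction catalog and function names are constructed, and only S_TCODE values (single value, trailing `*` pattern, or from-to range) are evaluated, which is a simplification of what SUIM checks.

```python
# Constructed sample data, shaped like a role/user export (not from a real system).
# Role -> S_TCODE values as (low, high); high is "" for single values and patterns.
ROLE_TCODES = {
    "Z_FI_CLERK":   [("FB01", ""), ("FB02", "FB03"), ("FK*", "")],
    "Z_BASIS_DISP": [("SM37", ""), ("SU53", "")],
    "Z_AUDITOR":    [("SUIM", ""), ("SU53", ""), ("FB03", "")],
}
USER_ROLES = {  # user -> assigned roles
    "USER_X": ["Z_FI_CLERK", "Z_BASIS_DISP"],
    "USER_Y": ["Z_AUDITOR", "Z_BASIS_DISP"],
}
# Transactions to evaluate patterns and ranges against.
CATALOG = ["FB01", "FB02", "FB03", "FK01", "FK03", "SM37", "SU53", "SUIM", "SE38"]


def value_covers(low, high, tcode):
    """True if one authorization value (single, pattern or range) covers tcode."""
    if high:                              # from-to range, compared as strings
        return low <= tcode <= high
    if low.endswith("*"):                 # generic value such as FK*
        return tcode.startswith(low[:-1])
    return tcode == low


def roles_for_tcode(tcode):
    """Roles whose S_TCODE values cover tcode (role search by transaction)."""
    return sorted(role for role, values in ROLE_TCODES.items()
                  if any(value_covers(lo, hi, tcode) for lo, hi in values))


def executable_for_user(user, catalog=CATALOG):
    """Map each transaction the user can start to the assigned roles granting it."""
    assigned = set(USER_ROLES[user])
    result = {}
    for tcode in catalog:
        granting = [r for r in roles_for_tcode(tcode) if r in assigned]
        if granting:
            result[tcode] = granting
    return result


def compare_users(a, b):
    """Return (roles only a has, roles both have, roles only b has)."""
    ra, rb = set(USER_ROLES[a]), set(USER_ROLES[b])
    return sorted(ra - rb), sorted(ra & rb), sorted(rb - ra)


if __name__ == "__main__":
    print(roles_for_tcode("FB03"))
    print(executable_for_user("USER_Y"))
    print(compare_users("USER_X", "USER_Y"))
```

In an audit, the per-transaction list of granting roles is the useful part: a transaction granted by more than one role stays executable after a single role is removed.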