RSUSR_SUAUTHVALTRC_SIMU: Simulation of Authorization Checks

Posted by — April 4, 2022 in SAP PROGRAM Leave a reply

You have used the user trace to record a list of authorization checks. You can use this program to check whether the recorded authorization checks would run successfully or not for selected users with their current authorizations. You can run this simulation for all authorizations of the users or just for individual roles assigned to the users. The trace data can be read from a local or remote system.

For example, you can check the effects of a new role concept by comparing the result of the simulation in a role development system with the result of the authorization check from the user trace in a test system.

Requirements

The user trace for authorization checks must be active for an extended period of time so that the authorization checks for the scenarios you want to examine are logged as fully as possible.

If you want to use different user names for the simulation, choose User Mapping and assign a User for Authorization Check to the User for Simulation.

Selection

Select the users for the simulation. You have to enter users or user groups.

The following options are available for the authorizations used for the simulation:

  • All authorizations of the user are used, but without the authorizations of the reference user.
  • Only the authorizations of the selected roles are used, as long as they are assigned to the user.

Authorization checks are read from the trace data for each selected user of the simulation. Use the Mapping Table if you want to read the authorization checks of another user.

The authorization check from the user trace can be read from a remote system. To do this, enter the respective RFC destination. In the target system, the RFC function module SUAUTH_READ_TRACE_VALUES is used and the authorization for the object S_ADMI_FCD is checked with S_ADMI_FCD = STUR.

Additional Options:

  • Only Display Differences Between Trace and Simulation Result:
    • The result of a simulation is displayed only if it is different from the result of the authorization check.
  • Also Include Check for Other User:
    • If the ABAP language command authority-check for user is used in an authorization check, the authorization check does not run for the logged-on user, but for the user specified in user. If this option is set, the trace entries where the user was specified in the addition for user are also selected for the user.

Output

The output shows the result of the simulation for each logged authorization check from the user trace.

You May Also Like

RSAU_TRANSFER: File-Based Transports of SAL Configuration

REGENERATE_SAP_APP: Create Full Authorizations for Applications

RS_ICF_SERV_MASS_PROCESSING: Mass processing of ICF services

How to Export All Active and Inactive SICF Services in SAP

Leave a Reply?