
Security Reports

RSUSR002 Display users according to complex search criteria

RSUSR010 Transactions that can be executed by users, with Profile or Authorization

RSUSR070 Activity groups by complex search criteria

RSUSR100 Changes made to user masters

RSUSR101 Changes made to Profiles

RSUSR102 Changes made to Authorizations

RSUSR200 Users according to logon date and password change, locked users

User Types

Dialog 'A'

System 'B'

Communication 'C'

Service 'S'

Reference 'L'

A normal dialog user is used by one person only for all types of logon. During a dialog logon, the system checks for expired and initial passwords and provides an option to change the password. Multiple dialog logons are checked and logged if necessary.

Use the system user type for internal system processes (-> background processing) or system-related processes (-> ALE, workflow, TMS, CUA). Dialog logon (using SAP GUI) is not possible. A user of this type is excluded from the general settings for password validity. Only user administrators can change the password using transaction SU01 (Goto -> Change Password). Multiple logons are permissible.

Use users of type Communication for dialog-free communication between systems (-> RFC or CPIC). Dialog logon (using SAP GUI) is not possible. The general settings for the validity period of a password apply to users of this type. Users of this type can change their passwords (like dialog users). The dialogs for changing the password must be provided by the caller (RFC/CPIC client). You can use the RFC function module USR_USER_CHANGE_PASSWORD_RFC or the RFC API function RfcOpenEx() to change the password.

A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations. For example, service users are used for anonymous system access using an ITS service or a public Web service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user (see SUSR_INTERNET_USERSWITCH). During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password. Multiple logon is allowed.

Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorization. Reference users are implemented to equip Internet users with identical authorizations. On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the application controls the allocation of reference users. You can allocate the name of the reference user using variables. The variables should begin with "$". You assign variables to reference users in transaction SU_REFUSERVARIABLE. This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.

SM20 SM30 SCCL SCC9 SCC8 STMS RZ10 RZ11 SE84 SE43 ST01 SU05 SMLG ST02 SM02 SM04 SM12 SM13 SM21 SM50 SM51 SM59 ST11 ST22 SM35 ST05 PO10 PO13 SE16 SE16N

Security - General tcodes

SM20 SM19 STRUSTSSO2 STRUST SECSTORE SM20N SM18 CERTREQ SLAW WSSPROFILE LICENSE_ADMIN SM20_OLD CERTMAP

Security - Audit Information System tcodes

RSPFPAR RSUSR200 RSSCD100 RSUSR003 RSCSAUTH RSUSR000 SECR RSEIDOC2 RSRFCTRC RSTBHIST RSAU_SELECT_EVENTS RSABAPSC RSRFCCHK RSGWLST RSSTAT20 RSSTAT10 RSWBO040 RSUSR200_PWDCHG180 RSWBOSSR RSPFPAR_LOGIN RSRSDEST RSINFO00_BCE_AUD_MOD RSSCD150 RSUSR007 SM30V_DDAT RSAUDITC_BCE 0REP RSWBO004 RBDAUD01 SM30V_BRG RSABTPGP RSABAUTH RSUSR002_AUDIT_OSCL RSAUDITM_BCE_TPLGA RSUSR002_AUDIT_UCC RSTMSCON_VERBOSE RSPO0055 RSPFPAR_GATEWAY RSUSR200_INITPASS RSPFPAR_SAPSTAR RSPFPAR_SYSLOG RSUSR002_AUDIT_RFC RSAUDITM_BCE_TPLGS RSTMSDIC RSPFPAR_SNC RSWBO040_AUDIT_PA RSUSR002_AUDIT_ABAP RSPFPAR_TABLEREC RSAUDITM_BCE_IMPO RSUSR002_AUDIT_UAP RSSNCSRV RSPFPAR_AUTH RSSWOUSR RSPFPAR_PROFGEN RSUSR200_UNUSED30 RSPFPAR_SPOOL RSWBO040_AUDIT_USR RSUSR002_AUDIT_CTS RSPFPAR_TABLESTAT RSAUDITM_BCE_SYSO RSUSR002_AUDIT_UCA RSTMSAMO RSPFPAR_CALLSYSTEM RSRFCSTX RSPFPAR_RFC RSPFPAR_STATISTICS RSWBO050 RDDTDDAT_BCE

Security - Directory tcodes

LDAP RSLDAPSYNC_USER LDAPMAP LDAPLOG

Security - Secure Network Communications tcodes

SNC0 SNC1 SNC4

Security - Secure Store and Forward tcodes

SSFA PSEMAINT O07C

Security - User and Authorization Management tcodes

SU01 PFCG SU53 SUIM SU24 SU3 SU10 SLICENSE SU25 SU21 PFUD SU22 SU01D USMM SU56 SCUL SCUM SMEN SU03 SE97 SUPC SU02 SU20 SUGR SCUA SCUG SU2 SU52 SUCOMP SU0 RSSCD100_PFCG SU1 S_BCE_68001425 S_BCE_68001398 WP3R S_BCE_68001400 SU12 SU51 SU26 S_BCE_68001439 SU50 S_BCE_68002041 S_BCE_68001430 S_BCE_68001420 MENU_MIGRATION S_BCE_68001402 SU99 SDMO S_BCE_68001401 S_BCE_68001423 SU01_NAV S_BCE_68001429 ROLE_CMP AUTH_SWITCH_OBJECTS SUUM S_BCE_68001426 SUUMD SUPO S_BCE_68001422 S_BCE_68001393 S_BCE_68001777 RSSCD100_PFCG_USER SU_REFUSERVARIABLE LICENSE_ATTRIBUTES S_BCE_68001399 SM30_SSM_VAR S_BCE_68001397 SU55 SU98 S_BCE_68001441 S_BCE_68001409 S_BCE_68001440 S_BCE_68001418 SUGRD SM30_SSM_RFC SU24_CHECK PERSREG S_BCE_68001394 SM30_SSM_CUST SCUC S_BCE_68001405 S_BCE_68001419 AUTH_DISPLAY_OBJECTS S_BCE_68001413 S_BCE_68001427 SUIM_OLD S_BCE_68001395 S_BCE_68001396 S_BCE_68001431 SROLE S_BCE_68001412 SUPO_PREPARE S_BCE_68001406 S_BCE_68001410 S_BCE_68001414 S_BCE_68001407 S_BCE_68001408 S_BCE_68001432 S_BCE_68001416 S_BCE_68001436 S_BCE_68001421 S_BCE_68001433 S_BCE_68001437 S_BCE_68001434 S_BCE_68001403 S_BCE_68001438 S_BCE_68001767 S_BCE_68001411 S_BCE_68001415 S_BCE_68001435 S_BCE_68001404 S_BCE_68001424 S_BCE_68001428 S_BIE_59000199 SM30_PRGN_CUST SM30_VAL_AKH S_BCE_68002111 SALE_CUA SPERS_MAINT SUGR_NAV S_BIE_59000198 SU83 SPERS_TEST SU87

Security - Anti-Virus Protection tcodes

VSCAN VSCANPROFILE VSCANTEST VSCANGROUP VSCANTRACE

Security audit - reporting; For creation of table authorization groups and for maintaining assignments to tables; For Local Client Copy on same system between different clients; For data exchange over the network and remote client copy between clients in different systems; Data exchange happens at operating system level, it supports Client transport; Transport Management System; Profile configuration; Maintain profile parameters; Information System for SAP R/3 Authorizations; Maintain and display Area Menus; System Trace; Maintain Internet Users; Maintain Logon Group; Setups/Tune Buffers; System Messages; User Overview; Display and Delete Locks; Display Update Records; System Log; Work Process Overview; List of SAP Servers; Display/Maintain RFC Destinations; Display Developer Traces and error log files; ABAP/4 Runtime Error Analysis; Batch Input Monitoring; Performance trace; Maintain Organization Unit "Used to assign Roles/PD Profiles to Org Units (Creates O-AG Relationship)"; Maintain Position "Used to assign Roles/PD Profiles to Positions (Creates S-AG Relationship)"; Data Browser; General Table Display

Analysis of Security Audit Log; Security Audit Configuration; Trust Manager for Logon Ticket; Trust Manager; Administration of Secure Storage; Analysis of Security Audit Log; Reorganize Security Audit Log; Certificate enrollment; License Administration Workbench; Edit Web Services Security Profile; License Administration Workbench; Security Audit Log Evaluation (Old); Certificate Assignment; Display profile parameter; List of Users per Login Date; Display Change Documents; Check standard user passwords; Maintain/Restore Authorization Group; Currently Active Users; Audit Information System; IDoc List; RFC Trace; Table history; Display Audit Events (Batch Proc.); Statistical Prog. Anal. for Search; RFC destinations with logon data; Accessible Gateways; Performance Analysis: Single Stats

Performance Analysis: Workload Anal. Search for Objects in Requests/Tasks Unchanged for 180 Days RSWBOSSR Logon Rules System Overview Output Customer Exits Display Change Documents List Users Call of SM30 for View V_DDAT Display Locked Transactions "Start of program Set System Change Option Statistical Evaluations for AL Call of SM30 for View V_BRG Authorization Groups Transfer of Authorization Groups Users who can call OS commands Transport Monitor ALOG Update Company Codes Verbose Installation Check: Spool SAP Gateway Users with Initial Password Hardcoded SAP* Syslog Parameters Users who can execute RFC functions Transport Monitor SLOG TMS: Display Configuration SNC Requests with PA tables Users with ABAP Authorization Table Recording Import Overview Update Accounting Periods SNC Status of Application Server Authorization All List of Internet users Profile Generator Not Logged On for 30 Days Spool Parameters Requests with USR tables Users who can use CTS Table Access Statistics System Overview Update Chart of Accounts TMS: Alert Viewer Call System RFC statistics Remote Function Call Workload Statistics Analyze Objects in Orders/Tasks Check Table Logging LDAP Customizing and Test LDAP Synchronization of Users Maintain LDAP Attribute Assignment Analyze LDAP Log SNC Access Control List: Systems Generate SNC name for user Check canonical SNC names

SSF: Set Application Parameters PSE Management Obsolete transaction User Maintenance Role Maintenance Evaluate Authorization Check User Information System Auth. Obj. Check Under Transactions Maintain Users Own Data User Mass Maintenance Administer SAP Licenses Upgrade Tool for Profile Generator Maintain Authorization Objects User Master Data Reconciliation Auth. Object Usage in Transactions User Display Customer measurement Analyze User Buffer Central User Administration Log Central User Administration Session Manager Menu Tree Display Maintain Authorizations Maint. transaction call authorizatn Role Profiles Maintain Authorization Profiles Maintain Authorization Fields Maintain User Groups Central User Administration Transfer Users Maintain Own User Parameters Maintain Own User Parameters User company address maintenance Maintain Own Fixed User Values Change Documents for Role Admin. Maintain Own User Address Roles by Complex Criteria Users According to Complex Criteria Follow-Up Processes for Portal Roles Users According to Complex Criteria Mass Changes to User Master Records Maintain Own User Address Upgrade Tool for Profile Generator For user Own data Executable for Role Compare Users Roles by Transaction Assignment Menu Migration into New Hierarchy With Unsuccessful Logons Call report RSUSR008 Dynamic Menu (old) Critical Combinations of Auth. Roles by Authorization Values User maint. to include in navigation Transactions for User Compare Roles Switch on/off authorizations Global User Manager Transactions for User Display User Administration Maintain org. levels Roles by Authorization Object

Users by address data Compare Roles For Role Assignment Maintain reference user variables Maintain License Attributes of Roles Users According to Complex Criteria Maintain Table SSM_VAR Users According to Complex Criteria Call the Session Manager menus Call Report RSUSR008 For authorizations Profiles According to Complex Crit. For profiles Roles by Role Name Display user groups Maintain Table SSM_RFC Switch Off Authorizations: Test Personalization object Users According to Complex Criteria Maintain Table SSM_CUST CUA: Synchronize company addresses Profiles by Authorization Name Roles by User Assignment Display Active Authorization Objects Auth. Objects According to Complex Transactions for User Call AUTH Reporting Tree (Info Sys.) Users According to Complex Criteria Users According to Complex Criteria Compare Profiles Export User Roles to XML doc. Auth. Objects According to Complex Maintain Organizational Levels Profiles by Values Auth. Objects According to Complex Auth. According to Complex Criteria Profiles by Changes Profiles by Roles Compare Authorizations Authorizations by Changes Where-used lists Roles by Profile Assignment Comparisons Where-used lists Where-used lists With Critical Authorizations Where-used lists By Profile Name or Text Auth. Objects According to Complex Authorizations by Values Where-used lists Profiles by Contained Profiles Roles by Change Data Transactions for User Report cross-system information Maintain Table SSM_CUST Maintain Table VAL_AKH RSUSR008_009_NEW Display ALE Customizing for CUA Personalization object processing Maintain User Groups Report cross-system information Archive authorization docs.

Test personalization objects; Read Authorization Change Documents; Configuration of Virus Scan Servers; Configuration of Virus Scan Profiles; Test for Virus Scan Interface; Configuration of Virus Scan Groups; Memory Trace for Virus Scan Servers
