SQL Server administration and T-SQL development, Web Programming with ASP.NET, HTML5 and Javascript, Windows Phone 8 app development, SAP Smartforms and ABAP Programming, Windows 7, Visual Studio and MS Office software
Development resources, articles, tutorials, code samples, tools and downloads for SAP HANA and ABAP, HANA Database, SQLScript, SAP UI5, Screen Personas, Web Dynpro, Workflow

Find SAP Roles for Missing Authorization using SU53 & SUIM


ABAP developer and SAP professional can identify roles required for missing authorization using SU53 and SUIM transactions easily. This tutorial shows methods to search and find missing SAP roles for specific authorization data.

Recently when I tried to launch SAP transaction code RSRT2, I got an unauthorized error message:
You are not authorized to use transaction RSRT2


Then to check the required authorizations, I executed SU53 SAP transaction.

As seen in below SAP SU53 transaction screenshot, I can see that the authorization object is S_RS_COMP.
And authorization fields are ACTVT, RSINFOAREA, RSINFOCUBE, RSZCOMPI and RSZCOMPTP.
Only RSZCOMPTP authorization field has REP value to filter for the corresponding role.

SAP transaction SU53 to display authorization data for user

Using the authorization object and authorization field values, I can try to figure required roles for the SAP transaction.

Launch SUIM (User Information System) transaction.
Under root node User Information System, drill down to Roles > Roles by Complex Selection Criteria > Search for Single Roles with Authorization Data

SAP user information system transaction SUIM

Execute the node "Search for Single Roles with Authorization Data" using the execute icon

When the search screen is displayed, enter the Authorization Object name which we already know from SU53 logs in the "Selection by Authorization Values" section.

SAP SUIM to search for single roles with ABAP authorization data

Press "Values" button to further provide additional authorization object field values as search criteria

ABAP authorization object field values

Then press execute icon or F8.

When you are back on the search screen, you will see the Values button is showing check mark beside the authorization object value.

ABAP authorization object values to find SAP roles

ABAP developer is now ready to execute the search for the list of roles including required authorizations. Press F8.

SAP roles for ABAP authorization object field values in SUIM transaction



SAP HANA and ABAP

Install SAP Free
CRM Companies List
Web Based CRM Software


Copyright © 2004 - 2021 Eralper YILMAZ. All rights reserved.