Find SAP Roles for Missing Authorization using SU53 & SUIM
ABAP developer and SAP professional can identify roles required for missing authorization using SU53 and SUIM transactions easily. This tutorial shows methods to search and find missing SAP roles for specific authorization data.
Recently when I tried to launch SAP transaction code RSRT2, I got an unauthorized error message:
You are not authorized to use transaction RSRT2
Then to check the required authorizations, I executed SU53 SAP transaction.
As seen in below SAP SU53 transaction screenshot, I can see that the authorization object is S_RS_COMP.
And authorization fields are ACTVT, RSINFOAREA, RSINFOCUBE, RSZCOMPI and RSZCOMPTP.
Only RSZCOMPTP authorization field has REP value to filter for the corresponding role.
Using the authorization object and authorization field values, I can try to figure required roles for the SAP transaction.
Launch SUIM (User Information System) transaction.
Under root node User Information System, drill down to Roles > Roles by Complex Selection Criteria > Search for Single Roles with Authorization Data
Execute the node "Search for Single Roles with Authorization Data" using the execute icon
When the search screen is displayed, enter the Authorization Object name which we already know from SU53 logs in the "Selection by Authorization Values" section.
Press "Values" button to further provide additional authorization object field values as search criteria
Then press execute icon or F8.
When you are back on the search screen, you will see the Values button is showing check mark beside the authorization object value.
ABAP developer is now ready to execute the search for the list of roles including required authorizations. Press F8.