Although I'm not a security expert the questions around segregation of duties and who has access to specific transaction codes comes up often, if not daily. As is the case for most Information Technology professionals, access in a production environment is extremely limited. So how can you find out who has access to that one transaction you need to look at or assistance with (as quality and testing systems don't always get you the right details)?
SAP has the answers for you and there are a lot of supporting reports. However, let's just focus on the one that gets you the "who has access?" question answered.
Start by going to transaction code SUIM in the transaction box.
SAP has the answers for you and there are a lot of supporting reports. However, let's just focus on the one that gets you the "who has access?" question answered.
Start by going to transaction code SUIM in the transaction box.
Now that you are in the User Information System section go thru the menu path as follows: User Information System -> Where-Used List -> Authorizations Values -> In Users
Next is the key and the value-ad from this article. Enter S_TCODE into the Authorization Object field for Authorization object 1 and press the enter key.
Pressing the enter key opens up additional fields for input. As you can see below in my screenshot, I'm looking to find who has access to transaction FB50-Enter General Ledger Accounting Document. From here press the execute button.
A standard ALV report is provided that shows how many users (including batch and RFC users) have access to the specified transaction code. I like to quickly sort by User Group as it lumps most batch users and gives you a good view of the real user base. You can also use the toolbar icons to download the data to Excel as well as drill into a user for which roles have the transaction code assigned to it.