SAPTUTORIALS.

IN

Stay Connected, Stay Ahead.

Montra Electric SCV Learn More

Homepage
► Blog

Published by saptutorials in Blog

Basic SAP Security T-codes,

Tables, and Reports in SAP

Basic Security T-codes, Tables, and Reports in SAP
▾
Security in SAP systems is a matter of using different transaction codes (T-
SAPTUTORIALS.IN

Codes) tables and reports that aid in the administration of users, role
authorization control, role assignments, and audit trail functions. These tools
offer essential support for security and system administrators—experts in
maintaining a secure and optimized SAP environment.

Introduction

This blog will provide a brief overview of the most important T-Codes tables,
reports and tables that are used in SAP Security management – making it
simpler for newcomers as well as experienced administrators to make sense of
this complicated system.For SAP Security, understanding its T-codes tables,
reports and T-codes is essential to efficient administration of the system as well
as user management. Below is a thorough overview of the fundamental
security resources that will aid in navigating the authorization and
management framework.

Table of Contents
▾
 Key SAP Security T-Codes for User and Role Management
SAPTUTORIALS.IN

Tracing and Troubleshooting Security Issues

Authorization and Role Maintenance T-Codes
Critical SAP Security Tables
Key SAP Security Reports

Key SAP Security T-Codes for User and Role

Management

SU01: User Maintenance

One of the most frequently utilized T-Codes, SU01 enables system

administrators to create, edit or delete user accounts. This functionality is
essential in managing user lifecycles as it allows for administrators to set roles
of users, passwords, and profiles for those being managed.

SU10 – Mass User Change

Large companies often face the difficulty of managing multiple user accounts
simultaneously. SU10 simplifies this task by allowing administrators to alter
multiple user accounts simultaneously using this T-Code, making updates like
changing roles or passwords for multiple users faster and simpler.

SU01D User Maintenance Display

Read-only versions of SU01 allow users to see details about accounts without
being able to change any information, making this perfect for reviewing
compliance or auditing user information without making changes themselves.

PFCG – Role Maintenance

This transaction code, called Role Maintenance, allows users to define changes,
modify roles, and assign them to specific users within SAP. Roles define which
actions an individual user is permitted to perform within SAP, while PFCG
simplifies managing roles by assuring appropriate permissions are assigned in
▾
line with an organization’s policies.
 User Information System Management (SUIM).
SAPTUTORIALS.IN

SUIM is an invaluable tool to analyze user information roles, assignments to

roles and authorizations. Administrators typically utilize it to review role
assignments and permissions granted to individual users to ensure compliance
with internal policies and external laws.

Check Authorization Evaluation Form (SU53).

If users encounter errors related to authorization, T-Code SU53 can help quickly
pinpoint its cause. By identifying which authorization object led to the error
and offering solutions swiftly, administrators can help quickly resolve it.

Authorized User Buffer

Authorization buffers are used to store current authorizations assigned to

users. Administrators can utilize SU56 to quickly check which authorizations
each individual uses, providing an invaluable way of detecting problems with
authorizations.

Tracing and Troubleshooting Security Issues

ST01 – System Trace

Security problems often require the identification of particular events or

failures to authorize to determine security issues. This is where the ST01
System Trace assists in identifying these issues, providing insight into the
system’s operations and user interactions.

STAUTHTRACE – System-Wide Trace

While ST01 can only allow tracer-level user activity, STAUTHTRACE offers an
all-system trace that helps identify security issues affecting multiple users. This
tool is handy for troubleshooting issues across the entire network.
▾
Authorization and Role Maintenance T-Codes
 SU03 – Authorization Maintenance and Profiles
SAPTUTORIALS.IN

SU03 uses SU03 to manage authorization profiles. Profiles are comprised of

permissions that grant access to different parts of the system. T-Code permits
fine-grained adjustments of user access rights.

SU20 -Maintain Authorization Fields

Authorization fields are vital when it comes to setting permissions. With the
SU20’s Authorization Field Management feature, administrators can effectively
manage these fields so that the objects assigned to roles and users correspond.

SU21-Maintain Authorization Objects

Authorization objects have some or all authorization fields. They are SU21 T-
Codes. SU21 T-Code provides the means to create and manage the objects to
equip SAP systems with reliable access control methods.

SU22/SU24 – Authorization Object Assignment

These T-Codes allow access to check objects that are delivered by SAP, as well as
managing the assigning the authorization object to transactions. SU22 displays
check objects, whereas SU24 will assign these items to roles and transactions
that require more security measures. These T-Codes are useful for customizing
security settings for specific role or transaction.

SU25 Profil Generator

First Installation and Upgrade [UPGRADED/NEW installation] Following

upgrades to your system and new installation, SU25 can be used to generate
profiles in order to make sure that all changes to the system configuration are
recorded in the security framework. This will ensure that a complete update is
applied to the security framework.

Critical SAP Security Tables

▾
USR Tables (User Master Information)
 USR01: Stores the user’s master runtime information, which contains
SAPTUTORIALS.IN

basic information about users.

USR02: Contains user login details, including passwords and expiration
dates. This table is essential for tracking passwords’ expiration dates and
enforcing security policies.
USR04: Holds information related with user-authorized authorization.
USR06: Contains SAP license information, assuring compliance with
licensing requirements.

AGR Tables (Role Information)

The AGR1251 The data is stored for authorization that is related to

roles.
AGR_1252 It contains information on the role of an organization that
ensures proper alignment of roles within the organization’s hierarchy.
ARG_Users: Users are given roles, assisting in simplifying audits of
roles.
AGR_AGRS Provides information on composite roles, as well as the
roles that they entail.
AGR_HIER Keeps track of the role-related details about the structure of
menus.

UST Tables (Authorization Change Documents)

UST04: Contains user profile data.

UST10C: Stores composite profiles that consist of several sub-
profiles. This table can be useful in dealing with complicated roles in large
companies.

Authorization Object and Activity Tables

TOBJ It lists all authorized objects.

Contact: Details the SAP types of activities.
UsbT/USOBX This table defines the relationships between T-Codes and ▾
authorization objects. They are vital to determine which roles are required
to execute a specific transaction.
 SAPTUTORIALS.IN
Key SAP Security Reports

SAP offers a variety of regular reports that can assist administrators in keeping
on top of user activity, authorization errors, and compliance concerns. These
reports are essential to ensure the security of an SAP environment.

RSUSR000 – Currently Active Users

This report lists all the users currently in the system. It allows administrators to
monitor the system’s usage in real-time and ensure you only have access to
authorized people. are able to access the system.

RSUSR002 – Users by Complex Selection Criteria (SUIM)

A robust report that allows administrators to sort users according to role

assignments or login information, as well as other variables. It is often used in
audits to check for compliance.

RSUSR006 – Locked Users and Incorrect Logons

This report shows blocked users because of incorrect login attempts and allows
admins to re-login and examine security issues.

RSUSR030 – Authorization Objects by Complex Selection Criteria

It gives detailed information about which authorization objects are connected

to particular user roles. This report is essential to fine-tuning permissions for
roles and ensuring that users are granted the right access levels.

RSUSR405 – Reset User Buffers

If authorization buffers cause inconsistent results, this report permits

administrators to reset the buffers to ensure that users’ authorizations are ▾
properly applied and refreshed.
RSUSR200 – User Logon Date and Password Change Report
SAPTUTORIALS.IN

This report tracks user login dates and password updates and password
changes, assisting in the enforcement of security guidelines and ensure that
users follow updated password guidelines.

Conclusion

SAP security is a multi-faceted area that requires administrators to be

proficient with numerous T-Codes, tables, and reports. Administrators can
ensure that SAP systems remain secure, compliant, and efficient by leveraging
tools like SU01, PFCG, and SUIM, as well as important reports like RSUSR200
and RSUSR002. Understanding these key components will significantly
streamline security management processes in any organization using SAP.

You might also like the below articles.

sap s4hana migration

GST E invoice
understanding abap objects
clean core sap
SAP interfaces
Joule ai copilot
Mastering sap background job processing
SAP Ewm tcodes a handy guide
Object-oriented programming in sap abap
understanding sap license costs
SAP Datasphere
industry4.0 with sap
Condition contract management in sap s4 hana
Comprehensive guide to go live
SAP EHS Module
Power of generative ai in sap ▾
SAP Joule Comprehensive Guide
Mastering the dunning process sap
 Creation of chart of accounts in sap fico
SAPTUTORIALS.IN

Different roles of an sap consultant

understanding sap system landscape
Product costing in sap
Copa in sap
subcontracting process in sap mm
SAP S4hana cloud
Disaster Recovery in SAP HANA Cloud
SAP ABAP beginner’s journey
Year-end activities in sap
ethical ai development

Subscribe to updates

Next Read: Brownfield Implementation: Upgrading SAP Systems the Smart Way »

saptutorials: We are a group of SAP Consultants who want to teach and make

studying tough SAP topics easier by providing comprehensive and easy-to-

understand learning resources.

L E AV E A C O M M E N T

Related Post

Understanding Retail Fuel Network Operations (RFNO) in SAP S/4HANA

Understanding Business Partners (CVI) in SAP S/4HANA: A Complete Guide for Seamless

Transition

▾
SAP Clean Core: What It Is and Why You Need It
 SAPTUTORIALS.IN

Home Blog Tutorials YouTube Channel About Us:-

All Rights Reserved