You are on page 1of 2

User Reports Title

RSUSR000 Active Users

RSUSR002 Complex Selection Criteria
RSUSR002_ADDRESS Address data
RSUSR003 (User security Audit Job) Passwords of Users SAP* and DDIC in All Clients
RSUSR004 User Values to the Following Simple Profiles and Auth. Objects.
RSUSR005 (User security Audit Job) Users With Critical Authorizations
RSUSR006 (User security Audit Job) Users with Incorrect Logons
RSUSR007 (User security Audit Job) Users Whose Address Data is Incomplete
RSUSR008 (User security Audit Job) Users with Critical Combinations of Authorizations at Transaction Start
RSUSR009 (User security Audit Job) Users With Critical Authorizations and also can select Critical Authorizations
RSUSR010 ons for User, with Profile or Authorization
RSUSR011 Transactions after selection by User, Profile or object.
RSUSR012 Authorizations, profiles and users with specified object values
RSUSR020 By Complex Selection Criteria
RSUSR030 tions by Complex Selection Criteria
RSUSR040 tion Objects by Complex Selection Criteria
RSUSR060 d lists
RSUSR061 Authorization Fields
RSUSR070 Complex Selection Criteria
RSUSR100 (User security Audit Job) Change documents for users & shows changes made to a user’s security
RSUSR101 (User security Audit Job) Change documents for profiles & shows changes made to security profiles
RSUSR102 (User security Audit Job) Change documents for auth. & shows changes made to security auth.
RSUSR200 Users According to Logon Date and Password Change
RSUSR300 nal Security Name for All Users
RSUSR301 checking transactions with auth. object S TCODE
RSUSR302 Authorization check on object S TCODE from table TSTCA
RSUSR400 Environment Authorization Checks (SAP Systems Only)
RSUSR401 give all SAPCPIC users profile S_A.CPIC
RSUSR402 user data for CA manager from Seclude
RSUSR403 Profile S_A.CPIC to User SAPCPIC in Current Client
RSUSR404 n Program for Authorizations of Basis Development Environment
RSUSR405 user buffers in all clients (uncritical)
RSUSR406 ally Generate Profile SAP_ALL
RSUSR406_OLD ally Generate Profile SAP_ALL
RSUSR408 version of USOBX-OKFLAG, USOBX-MODIFIED for upgrade tool SU26
RSUSR409 all translated titles to generated transaction codes
RSUSR421 report: TSTC-CINFO if no check in TSTCA
RSUSR500 Administration: Compare Users in Central System
RSUSR998 rting Tree Info System
RSUSREXT rect SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID rect SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRSUIM rmation System
RSUSR_SYSINFO_PROFILE oss-system information/profile
RSUSR_SYSINFO_ROLE oss-system information/role
RSUSR_SYSINFO_ZBV oss-system information/CUM
Technical Details of Tables & Instance Profile Parameters
User related tables couldn’t be directly seen as with the table maintenance function (System Services Table maintenance),
except for the table with forbidden password strings, USR40. Some of the other tables are as follows:
♦ USR01 contains the runtime data of the user master records
♦ USR02 contains logon information such as the password, also the locked / unlocked user accounts.
♦ USR03 includes the users' address information
♦ USR04 contains the users' authorizations
♦ USR05 is the users' parameter ID table
♦ USR06 contains additional data for users
♦ USR07 includes values for last failed authorization check
♦ USR08 is the table for user menu entries
♦ USR09 contains user menus
♦ USR10 is the table for user authorization profiles
♦ USR11 contains the descriptive texts for profiles
♦ USR12 is the user master authorizations values table
♦ USR13 contains the descriptive short texts for authorizations
♦ USR14 contains the logon language versions per user
♦ USR30 includes additional information for user menus
Users, profile and authorization change history data are held in tables USH02, USH04, USH10, and USH12.
The system includes other tables related to user master records, which are the transparent versions of some of the
previous tables. These are UST04, UST10C, UST10S, and UST12.

Tables related with authorization objects and authorization fields are as follows:
♦ TOBJ is the authorization objects table containing the authorization fields for each.
♦ TACT contains the list of the standard activities authorization fields in the system.
♦ TDDAT table is needed for assigning authorization groups to tables used by authorization object S_TABU_DIS.
♦ TSTC is the transaction code table where authorization objects and values can be defined.
♦ TPGP is used for relating application areas with program authorization groups.
♦ USOBT is the standard SAP table that relates transactions with authorization objects.
♦ USOBX is the SAP check table for USOBT containing the transactions and authorization objects.
♦ USOBT_C is a customer table, copied initially from the SAP, which relates transactions with authorization objects.
♦ USOBX_C is the customer check table for USOBT_C containing transactions and authorization objects.

Technical Details: System Profile Parameters for Managing Users & Authorizations
Parameters directly affecting the user management functions are as follows:
♦ login / fails_to_session_end. Indicates the number of times that a user can enter an incorrect password before the
system closes the logon window. The default value is 3, but you can set it to any value between 1 and 99.
♦ login / fails_to_user_lock. This parameter sets the number of times a user can enter an incorrect password before the
system automatically locks the user out. If this happens, the user is automatically unlocked at midnight. The default value
is 12. Possible values are from 1 to 99.
♦ login / system_client. Sets the default system client. This client is automatically filled in the client field of the logon
screen, although users can overwrite it.
♦ login / min_password_lng. Specifies the minimum password length. Default value is 3, but you can specify any value
between 2 and 8.
♦ login / password_expiration_time. Indicates in number of days the period of validity for passwords. When the
expiration time arrives, the user is asked to enter a new password.
♦ login / no_automatic_user_sapstar. Disables special properties for user SAP* when this parameter is set to a value
greater than 0.
♦ rdisp / gui_auto_logout. Specifies the number of seconds a user session can be idle (SAPGUI does not transfer or
communicate with the application server) before being automatically logged off by the system. This parameter is
deactivated by setting the value to 0. By default, this option is not activated.
♦ auth / no_check_in_some_cases. This parameter is set to switch off special authorization checks by customers, and is
the main parameter for activating the Profile Generator tool. Values can be either Y (yes) or N (no).
♦ auth / no_check_on_tcode. If this parameter is set to value Y (yes), then the system does not perform an authorization
check on object S_TCODE.

To make the parameters globally effective in a SAP system, set them in the default profile, DEFAULT.PFL.
To make them instance specific, you must set them in the profiles of each application server in your SAP system.