SUIM Change Documents shows duplicate information on user validity renewal

Similar Messages

• SUIM - Change Documents modification

  Hello, in SAP 4.7 - Can a user with SAP_ALL delete a record in the SUIM change documents?  For example a password change record on an Unlocked or Valid From record? Thank you!

  > Since they do not retain transactional history after the system is recycled
  What does this mean?
  It sounds like you have some "emergency user" procedure in place (good idea) and are relying on STAD to "log" the user for reporting (less good idea...).
  You are using the STAD for a purpose it was not really designed for - so you don't need to be surprized.
  The SM19 log is the correct tool. Activate the generic ID profile and log the 5 user ID's that way. At the application layer, the logs cannot be deleted if they are younger than 3 days, and when they are - then a syslog message is written.
  Those admins will likely have access to the OS file system and the DB anyway, so I would recommend a completely different approach.
  => Systematically look for an inconsistency.
  > Each BASIS member has access to SU01 and is unlocking their ID's on a regular basis.
  Also, whatever you have done or what the basis folks are doing is not really "living" the concept of an emergency user. If you have an emergency almost everyday then you might want to ask yourself whether the concept has addressed the risk it set out to.
  Here again, the SM19 log is the correct tool, combined with checking some other basis and application tables - to be able to sample the use and compare it to what was the intended justification for accessing the emrgency user.
  If you monitor it and report on it's use, then it will often correct itself. You will also get feedback (and some complaints...) to be able to improve the process.
  The best emergency user solutions in my opinion are those which only add the "delta access". This forces the admin to request the correct authorizations for their normal day to day activities, and if they pull the emergency user on it's own (e.g. SU01 access) then it cannot do anything. You have to pass through the code which requests both access at the same time.
  Cheers,
  Julius

• Change documents for default values in user profiles

  Dear Experts,
  Please let me know if there are any tables to find the changes that have been made to the default values in a user profile.
  Regards,
  Lakshmi.

  Hi,
  as the defaults are not considered as critical, changes are not recorded in change documents.
  b.rgds, Bernhard

• Capacity leveling log showing duplicate information for Resource

  Friends,
  Need one help.
  When I am looking into the Capacity leveling logs, I see duplicate information for every Resource. There is no difference in the information regarding resource utilization (before/after). For every resource we are getting this duplicate records in the logs. Sometime there is one difference on timing, (when the resource was processed by the background job.)
  Text      .                                               Details        .         Current Date       .  Time    
  Resource W10_U0JA_001
  Parameters
  Resource utilization
  Resource W10_U0JA_001
  Parameters
  Resource utilization
  There is no difference in details resource utilization, yet resource are shown two times, for every resource.
  We are on SCM 7.0 . Is this standard? if so, then why?
  Can you please share your opinion/thoughts. Thanks a ton.
  Satyajit

  Hi Satyajit,
                This can happen because of resource setting in APO.
  You need to check the following:
  Bucket definition
  Resource utilization
  Time Zone
  You should check also the "Time-Cont Capacity" tab details where start, end and break time is maintained,
  You should also verify the "External Capacity" Tab data
  There is no other reason apart from that.
  You can also check the PPMs which are using this resource and some setting in PPM modes and other operation data.
  If it is okay then possibility you need to check the model and version assignments.
  You can remove the version assignment and delete the resource and again CIF it to APO.
  Possibly it will help.
  Regards,
  Vishal

• Role assignment to users (Change documents)

  Hi
  I was looking through the change documents for users and here i came across  "START_REPORT" under the Transaction column along with SU01 and PFCG. I was not quite sure about what this "STATUS_REPORT" was all about. I was wondering if this is a program. It certainly is not a batch coz we dont run batches here. I am trying to track down this change to the user but STATUS_REPORT is leading me nowhere....
  Any ideas?
  ravi

  Hi ravi
  Could you please explain the problem once more ?
  If you want to see the changes in the profiles of the user(which i take as one example of change documents) then you can use the transaction SUIM and there it'll give you options for change documents as below:
  1) For users
  2) For role assignment
  3) For Roles
  4) For profiles
  5) For authorizations
  and then you can choose the option you want.
  If I can help in some other way then kindly let me know.
  Cheers

• SCSM Query shows correct information in SMportal but sends only user name back to scorch

  When creating a services request in SMportal it will send back correct information to scorch and make configution change if I use use text and not query in the request. When using query it will show the information the users should see but SCSM sends only
  the user name back to scorch and not the value that was selected.
  Thanks for the help 
  Hans Petter

  When you create a Request Offering that uses a query, that item is added to the Service Request as a related item. In your case you will need to get the related Active Directory Users for your service request. See the link below for more details on this.
  http://blogs.technet.com/b/servicemanager/archive/2012/05/22/working-with-relationships-in-the-scsm-orchestrator-integration-pack.aspx
  Matthew Dowst |
  Blog | Twitter

• User Id for changed Document

  Dear All,
  How do we know who has changed Document details.
  e.g  One user has Prepared Down Payment Request by Tcode F-47.
  another user has changed DPR Document by Tcode FB02. i.e user has removed Payment Block flag ('Z') from DPR Document by FB02.
  I want to know user ID , who has removed Payment block flag from DPR Document by FB02.
  Regards
  Swati Shah

  fb03 - environment - Document changes.- All changes - F6
  You get an entry as below
  Date           Field                       New                           Old
  26.12.11    Payment Block                                           A
  Double click this entry
  Details
  Date             26.12.2011
  Time             14:16:21
  User             RAOSO
  Field            Payment Block ( BSEG-ZLSPR )
    from            A
    to               
    Changed in Line Item 001
  Hope this helps
  Kind Regards
  Soumya

• Change documents or logs for Analysis authorisation access changes

  Is there a way to review the change history or table logs in BI 7.0 to show who assigned analysis authorizations and when it was assigned or removed?  I presume there should be a SUIM change document that shows the Analysis authorization access changes that are assigned directly to users via RSU01 or RESEADMIN when these analysis authorizations are not included in roles.
  An example area of concern is with the assignment of 0BI_ALL, having an accurate log or mechanism to track the assignments to users.

  Hi Srinivas,
  you can activate in DDIC that your entry changes will be logged.
  Go to SE11 -> Your Tablenname -> CHANGE
  Button TechnicalSettings -> Activate checkbox Log data changes.
  From now on any chenge will be logged in table DBTABLOG.
  Kind Regards
  Henner

• Change Documents for SQ03

  Hi Experts,
  I want to know the changes documents for the transaction SQ03 (User Groups). There are some changes in user group/infoset assignments through this transaction. I want to know where we we can get this information in SAP ECC 6.0?
  Regards
  Keerthy Kumar

  Hi,
  This is SAP Business one system admin forum. Please find correct forum and repost above discussion to get more help.
  Close this thread here with helpful answers.
  Thanks & Regards,
  Nagarajan

• Log change documents in EKPO

  Hi Experts,
  I wish to thank anybody replying this message first.
  I have some questions to be cleared, may be you can provide me some help.
  To log changes on specific fiekds from a custom table, one has to use SCDO to generate change object and fct modules.
  These fct modules shoudl be called from program to log changes in tables CHDR and CDPOS.
  In the process of modifying a PO (me22n), I have several additional custom fields added in SAP table EKPO. These fields are available in PO trhough a custom tab on PO screen. I want to log the changes on these custom fields. The data elements of these fields are checked within change document check box. I modify the PO on several fields including custom fields , examine the content of CHDR and CDPOS and then find out that changes are logged for SAP EKPO fields modified but not for the EKPO custom fields.
  So here is my question:
  Do I have to call the generated changed document fct modules from an user exit or BADI prior to saving to have  the log changes or SAP handle it automatically ? If Yes, then which user exit or BAdi should I use ?
  Thank you for your time
  Dean Q.

  I found that SAP log the changes aumatically
  Thank u all

• No Free/Busy Information for Exchange 2010 users in Outlook 2010 client, 2010 OWA shows this information fine

  I have looked for hours and hours on Google and this web site for this type of issue and nothing seems to help.
  Problem:
  On my new Windows 2008 R2 /Exchange 2010 server with IIS7 installed, I can use Outlook 2010 client to login and send and receive e-mail but when I try to busy search internal Exchange users I get no information (cross-hatch), but the sender of the Meeting Request
  can see their own free/busy information fine.  And OWA users can see free/busy information fine, as can Outlook 2003 client users against this Exchange 2010 server when logged in.
  I don't know if I have a certificate problem with regard to IIS7 or Exchange 2010, I did not create my own certificate , it is just what was installed by default when I installed and configured Win2K8 server, IIS7 and Exchange.
  On the Windows 7 workstations with Outlook 2010 client, I am not logging into the Exchange 2010 server DNS domain, if that makes any difference.  On these workstations I can ping "autodiscover.my.exchange.server.com" and my.exchange.server.com
  with no problem.  I even used this Microsoft KB to install a new _autodiscover dns entry, but it did not help :
  When I turn on logging on my Outlook 2010 client, I see this in my C:\Users\Administrator\AppData\Local\Temp\1\outlook logging\20131208-135658864-fb.log :
  2013/12/08 13:56:58.864: Getting ASURL
  2013/12/08 13:56:58.864: URL returned from cached autodiscover: blah blah 
  2013/12/08 13:56:58.864: Request to URL: 
  2013/12/08 13:56:58.864: Request action: 
  2013/12/08 13:56:58.864: Request XML: <?xml version="1.0"?>
  2013/12/08 13:56:59.051: Request sent
  2013/12/08 13:56:59.051: Response error code: 00000000
  2013/12/08 13:56:59.051: HTTP status code: 0
  2013/12/08 13:56:59.051: -------------------------------
  2013/12/08 13:56:59.051: There is an error in request/response.
  2013/12/08 13:56:59.051: XML response:
  2013/12/08 13:56:59.051: -------------------------------
  2013/12/08 13:56:59.051: Getting ASURL
  2013/12/08 13:56:59.644: Failed to get ASURL. Error 8004010F
  At an Exchange shell console I enter this command and get these results :
  Exchnage Management Shell :
  VERBOSE: Connecting to BPExchange2010.my.exchange.server.com
  VERBOSE: Connected to BPExchange2010.my.exchange.server.com.
  [PS] C:\Windows\system32>Test-OutlookWebServices -id:[email protected] -TargetAddress:[email protected]
  ll.com
  RunspaceId : c929eacd-d53c-49d7-8532-c4b74e61b8be
  Id         : 1019
  Type       : Information
  Message    : A valid Autodiscover service connection point was found. The Autodiscover URL on this object is 
  Type       : Success
  Message    : [Server] Successfully contacted the UM service at https://bpexchange2010.my.exchange.server.com/ews/exchan
               ge.asmx. The elapsed time was 234 milliseconds.
  [PS] C:\Windows\system32>
  ** Also frequently when I log into Outlook 2010 client and start to send a meeting request , I get the Security Alert dialog :
  autodiscover.my.exchange.server.com
  Information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.
  Green Check Mark :  The security cerficate is from a trusted certifying authority
  Green Check Mark: The security certificate date is valid
  Red X :  The name on the security certificate is invalid or does not match the name of the site.
  Do you want to proceed ?  .  I either import the certificate or click YES, but does not help this issue.
  NOTE: Each user that shows as NO INFORMATION cross-hatch, these users have appointments and have logged into outlook before.
  When I do this autodiscover url from a Windows 7 pc with outlook 2010 I get  :
  This XML file does not appear to have any style information associated with it. The document tree is shown below.
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
  <Error Time="14:47:01.5656198" Id="401440650">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData/>
  </Error>
  </Response>
  </Autodiscover>
  Can anyone assist ?  What am I missing ?
  Thank You
  NOTE:  When will this go away.  I had to strip out a lot of helpful information to post this.  "Body text cannot contain images or links until we are able to verify your account."

  Hi,
  How many users encounter this issue, all users with Outlook 2010 or some specific users?
  According to your post, the Error code 600 indicates that your Autodiscover service is working well. as for the certificate mismatch issue, we can also following the KB below to resolve it:
  http://support.microsoft.com/kb/940726/en-us
  The Free/Busy information in Exchange 2010 is using the Availability service to
  retrieve it. Please directly access
  https://mail.mydomain.ae/EWS/Exchange.asmx in IE and see whether a proper XML file is returned.
   Or we can go to
  https://testexchangeconnectivity.com and check MS Exchange Web Services Connectivity Tests.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Table to look for change documents for users

  Hi friends,
  Is there any standard table to look for change documents for a user?change document through SUIM does not give the correct log.
  Thanks for you support.

  Julius
  Looking at another of Tracy's other post (http://scn.sap.com/thread/3598947) she's trying to use ACL. Hence needing to know the tables to write joins/queries to hit tables within ACL
  I've seen ACL used and have had the fun experience of Auditors using Google to find tables to perform checks on without context of what has actually been implemented in their particular system.
  Regards
  Colleen

• Shortcut to generate change documents for multiple user id access in ecc 6

  hi.
  i need to generate a report with changes to user ids within the last  month. i dont have access to sap notes. thanks

  apart from SUIM, you can also refer to below reports
  RSUSR100                                   Change Documents for Users
  RSUSR100N                                  Change Documents for Users
  RSUSR101                                   Change Documents for Profiles
  RSUSR102                                   Change Documents for Authorizations
  regards,
  Surpreet

• FM for Change Documents For User

  Hi all,
  We need a Function Module for tracking the changes of a user account. Is there any function encapsulating the functionality supplied by SU01 -> Information -> Change Documents for User?
  thanks,
  - ferudun

  Hi
      Try this BAPIs
  BAPI_USER_LOCPROFILES_READ
  BAPI_USER_GET_DETAIL
  Regards
  Bala Krishna

• CUA: User & Role Master Data Change Document

  Hi Team,
  I would like to know is there any way to find out CUA user master & role assignment change document data from CUA Central System & All Targets Systems.
  I am looking for user friendly tool similar to SUIM.
  I have looked into other methods of CUA change document tips and tools but it is not so fruitful to convenes my Audit team.
  FYI.  System Users (CUA_ADMIN) is not the user which i want to see in my change document window, i want to know actual security consultant ids within that.
  Kindly get back to me.
  Appreciate, for your response.
  Regards,
  Asif

  HI Matt:  Your understanding is correct for CUA Tier2 Setup.
  FYI.
  We have successfully configured trusted relationships between SAP Systems with the help of my BASIS & UNIX team.
  To do this:  We have performed following actions:
  u2022     Trusted System trust relationships for the RFC Connection has been maintained from the Central to the Child System and from All Child to Central System via transaction code SMT1.
  u2022     UNIX Database level trusted relationship entries has also been added with the help of UNIX Team
  u2022     RFC Destinations has been reconfigured with Current user option (SM59).
  u2022     For Security Administrator special authorizations has been provided in order to get trusted relationship RFC authorizations. 
  Note:
  I have added Full Authorizations under these new special objects S_RFC, S_ICF, S_RFCACL, & S_RFCADM  and same was assigned to all our Security Administrators.  Remote Logon & Trusted Connectivity is working fine for all of us.
  We are 4 Security Administrator here, And for All of us this new concept of Trusted RFC for CUA is working fine.
  New Authorizations updated on both CUA and the Child System.
  Our ids are replicating as a log in the last change by field of SU01 and change document of SUIM. Happy to see this. 
  But unfortunately there are strange ABAP dumps are started generating from CUA (SolMan) System soon after this Implementation.
  When we look into ST22, runtime errors CALL_FUNCTION_SINGLE_LOGIN_REJ &  CALL_FUNCTION_SYSCALL_ONLY are keep generating.
  Following are the example of dump logs and all the dump are with similar fashion but with different user-ids within that.:
  Short text:  No authorization to logon as trusted system (Trusted RC=0).
  What happened?  : Error in the ABAP Application Program The current ABAP program "SAPMSSY1" had to be terminated because it has come across a statement that unfortunately cannot be executed.
  Error analysis:  An RFC call (Remote Function Call) was sent with the invalid user ID "(End user user-ids)".  Or the calling system is not registered as trusted system in the target system.
  How to correct the error: The error code of the trusted system was 0.
  Meaning: 0    Correct logon as trusted system mode
  1 No trusted system entry for the calling system "BIP " (like other child System) or the  security key entry for the system "BIP " is invalid
  2 User "111552 " (Type of End user) does not have RFC authorization (authorization object
       (S_RFCACL) for user "End User id " witl client 100.
  3    The timestamp of the logon data is invalid
  The error code of the SAP logon procedure was 6. (6    No external user check)
  My Point: I think All these End users are trying to connect CUA Trusted RFC connections through individual different child Systems..
  Why they need to Connect to CUA and for what reason they need special Trusted RFCu2019s authorization???
  Pls help me to fix this problem.
  I have gone through the old SDN posts related to the same topic and few SAP notes and help link but it wont help.
  Note 1579570 - Problem with trust relationship after using HMAC
  Note 128447 - Trusted/trusting systems
  Note 131387 - No authorization to log on as a trusted system
  Note 986707 - No authorization to log on as a trusted system (RC=1)
  Few More SAP Notes: 986707, 333441, 1151790 & 128447
  http://help.sap.com/saphelp_nw04/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/frameset.htm
  We donu2019t see any logs under SCUL, BD87 & ST01.
  Please anyone can assist me on this.
  Regards,
  Asif