SAP Security - User Admin - Part 05

 What is SUIM in SAP?

In SAP systems, SUIM stands for the User Information System. It is a powerful built-in tool that helps administrators, auditors, and security professionals explore and report on users, roles, and authorizations in the SAP landscape.

Transaction Code: SUIM
Module: SAP Security & Authorization Management
Purpose: Quickly generate reports and insights into user access and authorization assignments.

 

Why SUIM Is Important

SUIM lets you search, analyze, and extract information about users and their assigned rights in an SAP system. It’s especially valuable because security-related tables (like user tables) are often restricted in production environments — SUIM gives a safer, structured way to access this data.

Use cases include:

Identifying which users have specific authorizations
 Finding out what transactions a role permits
 Checking who can execute critical actions
 Auditing changes to user roles and profiles
 Creating where-used lists for roles or authorization objects

 

Key Features

1. Comprehensive Reports

SUIM offers many report categories:

  • Users
  • Roles
  • Profiles
  • Authorization Objects
  • Transactions
  • Change Documents
    (For example, you can list users with access to a particular transaction or identify all roles containing a specific object.)

2. Search by Complex Criteria

You aren’t limited to simple queries — SUIM can handle complex selection combinations such as:

  • Users who have a specific authorization object with a given field value
  • Roles that include a set of transactions
  • Profiles containing a particular authorization value
    This makes SUIM a flexible investigative tool.

 

3. Change Tracking

SUIM can show changes in authorizations, roles, and profiles over time — helping with compliance and audits.

You can see when an authorization was added or removed and who made the change. This is especially useful for security reviews or internal audits.

 

How Administrators Use SUIM

Here are typical real-world scenarios:

Checking Role Content

Want to know what a role allows? SUIM can list all transactions and authorization objects within a role.

Finding Users With Critical Access

You can generate lists like “Users with SAP_ALL or similar powerful profiles” — useful for compliance checks.

Comparing Across Objects

SUIM allows comparisons of users, roles, and authorizations — helping you spot inconsistencies or gaps in your security model.


From the next sessions, we will explain related user admin each process practically with screenshots 🙂

Comments

Post a Comment

Popular posts from this blog

Introduction of SAP

  What is the SAP? SAP ( Systems, Applications, and Products in Data Processing ) refers to a German software company and its popular Enterprise Resource Planning (ERP) software. SAP consists of two categories modules 1. Technical Modules Technical modules focus on system administration, development, integration, and security. These include: SAP BASIS – System administration SAP Security – User roles, authorizations, and access control SAP GRC – Governance, Risk, and Compliance management SAP BTP – Business Technology Platform for cloud development and integration SAP ABAP – Programming and customization of SAP applications 2. Functional Modules Functional modules support specific business processes and aligned with business requirements. These include: SAP MM – Materials Management SAP SD – Sales and Distribution SAP PM – Plant Maintenance SAP HCM – Human Capital Management SAP ...
Read more

SAP Security Introduction

 SAP Security consists of two categories 1. User Administrator (User Admins) 2. Role Administrator (Role Admins) Some projects are handled by two different consultants. In other projects, a single consultant handles both tasks, including User Administration and Role Administration.   1. User Administrator (User Admins) We use transaction codes such as SU01, SU10, PFUD , etc., for User Administration activities. User ID characters Min 1 character and Max 12 characters. Note: The allowed characters are letters (A–Z), numbers (0–9), and special characters including underscore (_), dot (.), and hyphen (-). Password characters Min 8 character and Max 40 characters. Note: The allowed characters are Uppercase letters (A–Z), Lowercase letters (a–z), numbers (0–9), and special characters including @ # $ % ! etc. Important SAP Security Parameters: Login/min_password_lng : Minimum password length Login/min_password_digits : Minimum digits Login/min_password...
Read more

SAP Security - User Admin - Part 04

  What Is User Comparison in SAP? User Comparison in SAP is a technical process used primarily by SAP security and system administrators to ensure that user authorizations match their assigned roles and profiles . It’s a key part of SAP’s security model and ensures that users can actually use the permissions that have been assigned to them in the role-based access control system.   Why User Comparison Matters In SAP, there’s a difference between: Assigning a role to a user And making the authorizations effective When an administrator assigns or removes a role, SAP doesn’t always immediately update the user’s master record with the correct authorization profiles. This is where user comparison comes in: it reconciles the user’s master record so that the system knows what the user really has permission to do. Put plainly: ✔ Without user comparison — a user might have a role but no effective authorizations ✔ With user comparison — the user ’ s prof...
Read more