Unfortunately, since the consultants coded in specific user exits for the approval functionality, none of the SAP delivered reports are going to be reliabe in determing who has what (unless the code is looking for a specific auth value). It sounds like that built some sort of workflow functionality into the transaction to allow it to wait for different approvers. I would have an ABAP person evaluate the code and document its intentions.
Dig Deeper on SAP security administration
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.