(i.e., If a S_tcode has va01, then does that mean he can create and do everything possible in va01?)
If that's not the case, then how can I find out if a particular user has authorization to that entire transaction code? Do we have to compare the objects to the fields that a user has to those objects required to run a transaction (i.e., the values that we get from USObx and USOBT tables)?
There is no single report that can tell you whether a user has access to an entire transaction. It is often difficult to even define what an entire transaction is from a user perspective.
Dig Deeper on SAP security
Related Q&A from Corwin Slack
A SearchSAP.com reader wants to know how to grant a user access to cost centers, as well as access to one cost element across all cost centers. Continue Reading
Learn how to stop SAP users from displaying HR table contents in an SAP table without restricting access to an SE16N transaction. Continue Reading
A SearchSAP.com reader who stores user email addresses within the SAP SU01 transaction code and wants to know where to locate the data. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.