Hi,
I'm currently looking at a number of users with access to sensitive transactions (e.g. SCC4).
When looking at a combination of the AGR_ROLES and AGR_TCODES tables I can see there is currently only one active role and one active user assigned this access which would fall in line with what was to be expected based on the population I am looking at (we're not concentrating on auth object level for now).
However when I go through SUIM and filter on users by complex criteria and enter transaction code SCC4, about 20-30 users pop up (this is how many people used to be assigned access to SCC4).
When access was removed for these 20-30 users, it was done at 'role level' so my question is, even if roles have been removed, when looking through SUIM would a user still appear to have transactions associated with that role assigned - if so, why does this happen? I assumed once a role is removed it would removed the underlying transactions etc with it?
My assumption at the moment is that even though SUIM is showing users still have access to SCC4 they can't actually use it as the role it was associated with has been removed.
Any help/clarity on this would be greatly appreciated.