When we working on SAP tasks (implementation tasks, daily, weekly, mounthly operation tasks etc.), we have encounter the topic of Authorization, Roles & Users very often. SAP has provided a set comprehensive reports to help us on this.
Under the User Information System (TCODE: SUIM), you can find a comprehensive reports as below can be used.
Reports
RSUSR000 : Currently Active Users
RSUSR002 : Users by Complex Selection Criteria
RSUSR002_ADDRESS : Users by address data
RSUSR003 : Check the Passwords of Users SAP* and DDIC in All Clients
RSUSR004 : Restrict User Values to the Following Simple Profiles and Auth. Ob
RSUSR005 : List of Users With Critical Authorizations
RSUSR006 : Locked Users and Users with Incorrect Logons
RSUSR007 : Display Users with Incomplete Address Data
RSUSR008 : Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW : List of Users With Critical Authorizations
RSUSR009 : List of Users With Critical Authorizations
RSUSR010 : Transactions for User, with Profile or Authorization
RSUSR011 : Lists of transactions after selection by user, profile or obj.
RSUSR012 : Search authorizations, profiles and users with specified object va
RSUSR020 : Profiles by Complex Selection Criteria
RSUSR030 : Authorizations by Complex Selection Criteria
RSUSR040 : Authorization Objects by Complex Selection Criteria
RSUSR050 : Comparisons
RSUSR060 : Where-used lists
RSUSR060OBJ : Where-Used List for Authorization Object in Programs and Transacti
RSUSR061 : Enter Authorization Fields
RSUSR070 : Roles by Complex Selection Criteria
RSUSR080 : Users by License Data
RSUSR100 : Change Documents for Users
RSUSR101 : Change Documents for Profiles
RSUSR102 : Change Documents for Authorizations
RSUSR200 : List of Users According to Logon Date and Password Change
RSUSR300 : Set External Security Name for All Users
RSUSR301 : Fill non-checking transactions with auth.object S TCODE
RSUSR302 : Delete authorization check on object S TCODE from table TSTCA
RSUSR304 : Reload Table TSTCA From Table TSTCA_C
RSUSR400 : Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 : Report to give all SAPCPIC users profile S_A.CPIC
RSUSR402 : Download user data for CA manager from Secude
RSUSR403 : Assign Profile S_A.CPIC to User SAPCPIC in Current Client
RSUSR404 : Conversion Program for Authorizations of Basis Development Environ
RSUSR405 : Reset all user buffers in all clients (uncritical)
RSUSR406 : Automatically Generate Profile SAP_ALL
RSUSR406_OLD : Automatically Generate Profile SAP_ALL
RSUSR408 XPRA : Conversion of USOBX-OKFLAG, USOBX-MODIFIED for upgrade tool
RSUSR409 : Transfer all translated titles to generated transaction codes
RSUSR421 : Clean-up report: TSTC-CINFO if no check in TSTCA
RSUSR500 : User Administration: Compare Users in Central System
RSUSR500D : Report RSUSR500D
RSUSR998 : Call Reporting Tree Info System
RSUSREXT : Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID : Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG : Log Display for Central User Administration
RSUSRSCUC : CUA: Synchronization of the Company Addresses
RSUSRSUIM : User Information System
RSUSR_S_USER_SAS : Activate Authorization Object S_USER_SAS
RSUSR_S_USER_SAS_01 : Complete Authorization Data for S_USER_SAS in Roles
RSUSR_S_USER_SAS_02 : Convert Authorization Defaults
RSUSR_SYSINFO_PROFILE : Report cross-system information/profile
RSUSR_SYSINFO_ROLE : Report cross-system information/role
RSUSR_SYSINFO_ZBV : Report cross-system information/CUM
TABLES
User/Security tables
DEVACCESS : Table of development users including dev access key
USR02 : Logon data
USR04 : User master authorization (one row per user)
UST04 : User profiles (multiple rows per user)
USR10 : Authorisation profiles (i.e. &_SAP_ALL)
UST10C : Composit profiles (i.e. profile has sub profile)
USR11 : Text for authorisation profiles
USR12 : Authorisation values
USR13 : Short text for authorisation
USR40 : Tabl for illegal passwords
OBJT : Authorisation objetc table
Tables connected to roles
AGR_DEFINE : Role definition
AGR_PROF : Profile name for role
AGR_USERS : Assignment of roles to users
AGR_TCODES : Assignment of roles to Tcodes
AGR_1251 : Roles with authorization objects and value (as seen in su01 -> roles)
AGR_1016 : Name of the activity group profile
USR10 : User master authorization profiles
UST12 : User master authorizations
USOBT : Relation transaction > authorization object; which objects are checked
