How to find out who are all having access to a particular tcode in SAP system?


This article answers the following queries:

  • How to find out which users have access to a particular tcode in an SAP system?
  • How to find out which user IDs have access to a transaction in an SAP system?
  • How to use the SUIM tcode to identify users who have access to a particular transaction in an SAP system?


In real-world scenarios there can be an emergency, such as a change that must be made to a table, where the end user concerned does not have access to change tables. They may then approach the Basis administrator or security (authorization) consultant to identify the users who do have that access, so that they can ask those users to make the change in the emergency. You should therefore be able to identify those users and confirm them to the business users.
In general, a Basis/authorization consultant should be able to identify all user IDs that have access to a particular tcode. This can be done in the following way.
In this example, I am demonstrating how to identify all the users who have access to SE16 in a given SAP system.
Log in to the SAP system and go to transaction SUIM as shown below:





In the above screen, navigate to User -> Users by Complex Selection Criteria -> By Transaction Authorizations (This is highlighted in the). Select it and press F8 or click the clock symbol (highlighted) to execute. This results in the next screen, shown below:






In the above screen, type the transaction code for which you would like to find the users who have access. In our example, it is SE16.
Once you have entered the transaction code, click the highlighted clock button. The following screen then displays the list of users who have access to SE16 in this SAP system.





To find out who has access to a particular TCode (Transaction Code) in an SAP system, you can use standard SAP transactions and tables. Below are multiple methods depending on your role and authorization in SAP:

 


How to Find Users with Access to a Particular TCode in SAP

✅ Method 1: Using SUIM (User Information System)

Steps:

  1. Go to Transaction SUIM
  2. Navigate to:
    Users → By Complex Selection Criteria → By Transaction Authorization
  3. Enter the TCode (e.g., VA01, SE38, etc.)
  4. Execute (F8)

You’ll get a list of all users who have access to that transaction via their roles.

 

✅ Method 2: Using Table AGR_1251 and AGR_USERS

If you're familiar with SAP tables or using SE16N/SE11:

Step 1: Find Roles with Access to TCode

  • Go to SE16N
  • Enter table name: AGR_1251
  • In field S_TCODE, enter the transaction code (e.g., VA01)
  • Execute
  • This shows you all roles that include the TCode

Step 2: Find Users Assigned to These Roles

  • Go to SE16N
  • Enter table name: AGR_USERS
  • Enter the roles you got from the previous step
  • Execute
  • This gives you the list of users assigned to those roles
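
Method 2 carried through offline on exported rows, as an added example that is not code from the original article. It assumes the two tables were exported from SE16N with the standard columns AGR_NAME, OBJECT, FIELD, LOW, HIGH, DELETED (AGR_1251) and AGR_NAME, UNAME, FROM_DAT, TO_DAT (AGR_USERS); the rows, role names and user names are constructed, and the wildcard and range matching is a simplification that goes beyond the exact-value lookup described above.

```python
from datetime import date

# Constructed sample rows shaped like SE16N exports; not data from a real system.
# AGR_1251 columns used: AGR_NAME, OBJECT, FIELD, LOW, HIGH, DELETED
AGR_1251 = [
    ("Z_DATA_BROWSER", "S_TCODE", "TCD", "SE16", "", ""),
    ("Z_DEV_RANGE", "S_TCODE", "TCD", "SE11", "SE38", ""),      # range LOW..HIGH
    ("Z_BASIS_ALL", "S_TCODE", "TCD", "*", "", ""),             # full wildcard
    ("Z_SALES", "S_TCODE", "TCD", "VA0*", "", ""),              # prefix pattern
    ("Z_OLD_BROWSER", "S_TCODE", "TCD", "SE16", "", "X"),       # deleted entry
    ("Z_TABLE_MAINT", "S_TABU_DIS", "ACTVT", "02", "", ""),     # other object
]
# AGR_USERS columns used: AGR_NAME, UNAME, FROM_DAT, TO_DAT (YYYYMMDD)
AGR_USERS = [
    ("Z_DATA_BROWSER", "ALICE", "20230101", "99991231"),
    ("Z_DEV_RANGE", "BOB", "20230101", "99991231"),
    ("Z_BASIS_ALL", "CAROL", "20230101", "99991231"),
    ("Z_SALES", "DAVE", "20230101", "99991231"),
    ("Z_OLD_BROWSER", "ERIN", "20230101", "99991231"),
    ("Z_DATA_BROWSER", "FRANK", "20220101", "20221231"),        # expired
]

def value_covers(low, high, tcode):
    """True if one TCD value (single value, prefix pattern or range) covers tcode."""
    if high:                      # simplification: plain string comparison
        return low <= tcode <= high
    if "*" in low:                # assumption: text before '*' is a prefix
        return tcode.startswith(low.split("*", 1)[0])
    return low == tcode

def roles_with_tcode(agr_1251, tcode):
    """Step 1: roles whose active S_TCODE authorization covers tcode."""
    tcode = tcode.upper()
    return {role for role, obj, field, low, high, deleted in agr_1251
            if obj == "S_TCODE" and field == "TCD" and deleted != "X"
            and value_covers(low.strip(), high.strip(), tcode)}

def users_with_tcode(agr_1251, agr_users, tcode, on):
    """Step 2: users holding one of those roles with an assignment valid on `on`."""
    roles, day, found = roles_with_tcode(agr_1251, tcode), on.strftime("%Y%m%d"), {}
    for role, user, valid_from, valid_to in agr_users:
        if role in roles and valid_from <= day <= valid_to:
            found.setdefault(user, set()).add(role)
    return found

if __name__ == "__main__":
    for user, roles in sorted(users_with_tcode(AGR_1251, AGR_USERS, "SE16", date(2024, 6, 1)).items()):
        print(user, sorted(roles))
```

The result maps each user to the roles that grant the tcode, so a reviewer can see which role to question; it covers role assignments only and, like SUIM, says nothing about the other authorization objects checked at runtime.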



✅ Method 3: Using SUIM → Roles by Transaction Assignment

You can reverse the logic:

  1. SUIM → Roles → By Transaction Assignment
  2. Enter your TCode
  3. Find roles, then use SUIM → Users by Role to get assigned users

 

✅ Bonus: Using PFCG (Role Maintenance)

  1. Go to PFCG
  2. Enter a role and click Display
  3. Under the Menu or Authorizations tab, see if the TCode is included
  4. Click User tab to see assigned users

 

Tips for Accuracy

  • Remember: A user having a TCode in their role does not guarantee execution access. Authorization objects (like S_TCODE, S_USER_TCD, etc.) also matter.
  • Run SU53 after execution denial to debug access issues.
  • Use ST03N to check who actually executed the TCode (useful for audit).


Here are the Top 10 Frequently Asked Questions (FAQs) on the topic:

"How to find out who has access to a particular TCode in SAP system?"

 

1. How can I find out which users have access to a specific TCode in SAP?

Answer:
Use transaction code SUIM (User Information System) →
Roles → By Transaction Assignment, then input the TCode.
You can then find roles that have access to it, and which users are assigned those roles.

 

2. Which transaction code is used to check user access for a TCode?

Answer:

  • SUIM – For checking users, roles, and TCode assignments
  • SE93 – To check the technical details of a TCode
  • PFCG – To review roles and authorizations
  • ST03N – To check who executed a TCode historically

 

3. Can I directly find a list of users who can execute a specific TCode?

Answer:
Not directly. You need to:

  1. Identify roles that include the TCode (SUIM → Roles by TCode)
  2. Find users assigned to those roles (SUIM → Users by Role)

 

4. What are the limitations of using SUIM for checking TCode access?

Answer:
SUIM shows static role assignments, not runtime access.
It doesn't consider conditional access (e.g., Organizational Level values or S_TCODE authorization combined with other objects). A user might technically have the TCode in a role but may still not be able to execute it due to restrictions.


5. How can I check if a user executed a particular TCode?

Answer:
Use ST03N (Workload Analysis) or SM20 (Security Audit Log) to view historical TCode usage per user.

 

6. Is there a report or table that stores TCode access by user?

Answer:
Not directly. You can refer to:

  • AGR_1251 – TCodes and authorization objects in roles
  • AGR_USERS – Users assigned to roles
  • UST12 – Authorizations

But you'll need to combine data for meaningful results.

 

7. Can I use SAP Queries or custom reports for this?

Answer:
Yes. Many companies create custom Z-reports or SQVI/SQ01 queries that join tables like AGR_1251, AGR_USERS, and S_TCODE to report TCode access by user.

 


8. How do I check TCode access across clients or systems?

Answer:
You need to log in to each client/system and perform the same SUIM analysis or use centralized tools like SAP GRC (Governance, Risk, and Compliance) for cross-system analysis.

 

9. What if the TCode is assigned through a derived role?

Answer:
The access is still valid. Check the parent role (composite or derived) and then trace user assignments using AGR_USERS and AGR_DEFINE.

 

10. How to export the list of users with access to a TCode?

Answer:
After using SUIM to find users or roles, click the "Export" button (or List → Export) to download the results in Excel, text, or clipboard format.

 

To summarize, the most straightforward way for functional users or auditors is via SUIM. For detailed technical or mass reporting, using AGR_1251 and AGR_USERS tables provides more flexibility.
