Why You Should Use SUIM Very Carefully When Analyzing SAP Authorizations

The Most Popular Activity for Analyzing SAP Authorizations

In many SAP audits or audit-related processes involving SAP systems – either while preparing for an audit or prior to a regular inspection for audit purposes – customers are guided by their auditors to use SAP T-Code SUIM (User Information System). Sometimes, the auditors themselves are using SUIM to better understand customers’ authorizations and sensitive objects. The SUIM activity (in SAP terms “Transaction” or “T-Code”) can be confusing to the novice user – and often to the auditor as well. Making decisions, or moreover announcing defects on the customers’ systems based on data from SUIM, can be a mistake if the person using SUIM does not understand this activity’s limitations.