Depending on how they performed the activity and the multiple meanings of * when you search you may prefer to review table AGR_1251 directly selecting a single value of *. Too bad the SUIM reports do not allow the selection options like a table display. Since you would do this in development, there should be no issues to identify the roles with direct table access.
The selection will returns a list like this:
If your consultants delivered poor quality, they should remediate this for free as using * for S_TCODE has never been best practice for production roles.
Is there any way to see what the users did when they had the wide open roles? Internal auditor wants to see what tcodes they were accessing each day.
Thank you for your help.
We are looking into more training. It was just hard to do much before go live with a full 65+ hour week in the old job role and trying to take on a full time new role job with no backup for me.
Thanks for your help.
I should have responded sooner but not sure if you got your answer. Yes, there are multiple ways to determine what transactions were executed and it depends on your system settings and environment. Depending on your system settings, the system statistics track all transaction activity. In the statistics this data is summarized into a monthly bucket so the number of times a transaction was executed and by whom is tracked per month. If you also have GRC Access Control, these statistics can be pulled in detail into GRCACTUSAGE table. This is a full audit trail with every execution with time stamps by user. If you do not have GRC, your BASIS team should be able to show you how ST03N works.