Daniel Berlin on Security Insight on SAP security, development stuff… and all the rest

27May 12

Find step users in SAP batch jobs

Hello all,
using personal users to execute batch job steps is not a good idea!
Of course it's convenient, but those users might vanish or their authorizations might change – but how to clean this mess up? Since SE37 does not allow you to select jobs by step user, one might try to use SE16 (→ table TBTCP) to find the affected jobs… which will drive you crazy, believe me!

Report

This time, I'll provide you with another nice report to clean up your system and prevent any batch-related headache!

So:

  • Create a new report in SE38 and paste this source code (don't forget to set a program authorization group).
  • In the selection texts:
    • Tick "dictionary reference" for R_JOBNAM, R_SDLUSR and R_USRNAM
    • Leave all other texts empty ("?...")

  • Activate & execute.

Usage

On the selection screen you can choose the:

  • job name, -scheduler and -status (like in SE37) and
  • step user name (initially set to your user name, but try DDIC or SAP*).

Submit your selection and you'll get a result similar to this:

The columns at your disposal are:

  • Job name — … self-explanatory.
  • Job no. — the internal ID of the job.
  • Scheduler — the user, who scheduled the job.
  • Job status — … self-explanatory.
  • Step no. — the step ID that matches your selection (the job might consist of more steps).
  • Rept. name — the report or command.
  • Name — the step user (green, if the user still exists; red otherwise)

As always in my reports, you can double-click on almost everything:

  • Job name — goto SE37 and show all matching jobs by name.
  • Job no. — show only the particular job in SE37.
  • Scheduler — open SU01 for the user, who scheduled the job.
  • Step no. — display the step list of the selected job.
  • Rept. name — jump to SE38.
  • Name — show the step user in SU01.

Conclusion

Red is dead, green is clean … unless it's a personal user ! 😎