Transaction Report - Roles

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Post Reply
Jennifer

Transaction Report - Roles

Post by Jennifer » Wed Oct 30, 2002 4:58 pm

Does anyone know if SAP provides a report to list all transactions maintained in a role (for 4.6C)? I don't just need the info for one role, I need it for all the custom roles we created.

Guest

Post by Guest » Thu Oct 31, 2002 2:44 am

use transaction SUIM. there you find all the options you are
looking for.

Al

Post by Al » Thu Oct 31, 2002 4:41 am

Hi Jennifer,

If you have a naming convention for the profiles for the custom roles then you can use table UST12.

Enter S_TCODE for the Object/OBJCT field
Enter you profile name i.e. Z* in the authorisation/AUTH field

This will very quickly tell you all the transactions that users have access to - these won't necessarily appear in their menu, but will be available if they use the transaction fast entry box.

Alternatively you could use table AGR_1251:-

Role/AGR_NAME Z* etc
Object/OBJECT S_TCODE
note, this is a "quick & easy" method of finding T_CODES within a role, but is potentially not as accurate as using UST12, especially if not all the roles are generated.

it may also be worth looking at table AGR_TCODES. As before potentially not 100% accurate, but "quick & easy".

John A. Jarboe

Post by John A. Jarboe » Thu Oct 31, 2002 9:11 am

The above options will yield semi accurate data. BUT...
SUIM is based on the USTxx tables which get out of sync withthe real tables USRxx,
AGR_TCODES only shows what is in the menu not in authorization fot object S_TCODE
AGR_1251 only shows what CAN be in the access not what actually is, PFCG ia only a temporary info sheet that has no meaning until you hit generate, so is a role was "saved" and not generated the real access is not reflected in the AGR_xx tables
UST12 is a text table that gets out of sync with the real Security tables.
You can run the Sync function module in mode 'X' to increase the accuracy but it can generate an error and add more access to the user than the role originally had if you do not have the lastest path.

so if you want the get a 100% accurate answer you will have to use tcode OPF0 ( it looks like SU01) and the menu pathe INFORMATION-OVERVIEW-USER or Authorization or profile.. The only quirk is the entries in the fields are case sensative....

tonysap

Post by tonysap » Thu Oct 31, 2002 10:31 am

try this transaction: S_BCE_68001425 - Roles by Complex Selection Criteria . :)

Post Reply