Hello community,

I am currently auditing composite roles in my company in order to update the internal SoD matrix.

I want to emphasize that I had a SAP training back in school and that I am not from an engineering background and I have a full display access to SAP.

For my analysis I want to know which transactions are assigned to single roles (in composite roles) and understand how these roles are parametered.

My first approach (a long and fastidious one) was using PFCG:

- Using AGR_AGRS to identify single roles

- select specific single roles to analyze

- use PFCG to see if the transactions are set on create, modify, display only, etc.

This approach seems to be complicated to implement in the long run given the number of roles i will have to analyze.

My second approach was using USOBT_C and AGR_1251 - through information gathered from different parties:

- extract the table USOBT_C for my transactions

- extract the table AGR_1251 for the roles I am analyzing

- In AGR_1251 lookup the transaction in "Low" column and the relevant "AUTH" (let's name it A)

- In AGR_1251 lookup the relevant "OBJECT" from the table USOBT_C (Let's name it B):

When the OBJECT = B and AUTH = A then we have the relevant information for our transaction in the role analyzed through AGR_1251.

Can you please confirm this methodology and / or help me further my understanding of the tables involved in my analysis?

If my analysis is long and fastidious, can you put me in the right direction regarding this kind of analysis?