Skip to Content

reading the table AGR_1251

Hello community,

I am currently auditing composite roles in my company in order to update the internal SoD matrix.

I want to emphasize that I had a SAP training back in school and that I am not from an engineering background and I have a full display access to SAP.

For my analysis I want to know which transactions are assigned to single roles (in composite roles) and understand how these roles are parametered.

My first approach (a long and fastidious one) was using PFCG:

- Using AGR_AGRS to identify single roles

- select specific single roles to analyze

- use PFCG to see if the transactions are set on create, modify, display only, etc.

This approach seems to be complicated to implement in the long run given the number of roles i will have to analyze.

My second approach was using USOBT_C and AGR_1251 - through information gathered from different parties:

- extract the table USOBT_C for my transactions

- extract the table AGR_1251 for the roles I am analyzing

- In AGR_1251 lookup the transaction in "Low" column and the relevant "AUTH" (let's name it A)

- In AGR_1251 lookup the relevant "OBJECT" from the table USOBT_C (Let's name it B):

When the OBJECT = B and AUTH = A then we have the relevant information for our transaction in the role analyzed through AGR_1251.

Can you please confirm this methodology and / or help me further my understanding of the tables involved in my analysis?

If my analysis is long and fastidious, can you put me in the right direction regarding this kind of analysis?

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Posted on May 30, 2019 at 04:36 PM

    I recommend to use SAP Access Control to identify and remedy access violations and SoD conflicts.

    Otherwise you might consider the report for critical combination (Transaction code S_BCE_6800211). After you customized the report - according to your needs and requirements - you can analyze critical authorizations or authorization combinations for users and roles. Please see the program information available within the transaction code, which gives you a rich explanation about the report.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.