Skip to Content

TCode per department and user

Hello to everyone.

I have a strange request from the business. They want a report where they give a tcode or tcodes and the program will check which department has this/these and which users.

OK, I have found a couple of tables like AGR_TCODES (Assignment of roles to Tcodes), AGR_USERS (Assignment of roles to users) and USER_ADDR (Users by address data) to find what I want.

My question is: if a user has access to a tcode that it does not belong to one of his role, how can we catch this?

For example: I have access to VA03 but none of my roles is connected to this tcode.

Is there any way to catch this?

Thanks in advance


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    Jan 26, 2018 at 11:23 AM

    Finally, I found the solution to what I was looking for. Here is the selection:

    SELECT DISTINCT a~von e~ttext d~department d~bname d~name_first
                      d~name_last d~name_textc c~profile
          INTO CORRESPONDING FIELDS OF TABLE gt_tcode_per_dprtm_usr
        FROM ust12 AS a
          INNER JOIN ust10s AS b
            ON  a~auth = b~auth AND
                a~objct = b~objct AND
                a~aktps = b~aktps
          INNER JOIN ust04 AS c
            ON b~profn = c~profile
          INNER JOIN user_addr AS d
            ON c~bname = d~bname
          INNER JOIN tstct AS e
            ON e~tcode = a~von
        WHERE a~objct = 'S_TCODE' AND
              a~von   IN so_tcode AND
              e~sprsl = 'G'.

    I want to thank all of you for your answers.

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 22, 2018 at 01:36 PM

    Sounds like SUIM should already provide what you're after, or am I missing something?

    Add comment
    10|10000 characters needed characters exceeded

    • My thoughts exactly.

      If a transaction is not in the roles then it must be in a profile, I guess. There were some buttons in SUIM to show the profile assignment, I believe, although never really used them.

  • Jan 22, 2018 at 09:56 AM

    A very useful tool to track usage of transaction: ST03N and STAD. This transaction can report on different levels how often a specific transaction is used and by which users. This can be handy in determining authorization profiles after Golive. It can also be used by Big Brother to check whether end user testing has really taken place.

    If you want to write your own probram, you can trace ST03n and find where the data stores

    Add comment
    10|10000 characters needed characters exceeded

    • Thanks Steve for your answer. I already have created a report which reads the audit logs and display the tcodes that users run.

      But the business is asking sth more. I hope that their request is understandable.

      Thanks again

  • Jan 23, 2018 at 02:22 AM

    I think SUIM should be able to provide that detail to you.
    When you search for Va03 you would see some of Standard roles or the custom roles assigned and then compare with the roles and profiles assigned to your User ID

    Im attaching 2 screenshots of how Ichecked which role has that Tcode and list of roles accesible by my ID

    Lastly you can also ask Security to activate trace or check in SU53 what all authorisations you have if that helps you to identify more

    From creating a report for all users SUIM is the best place

    Add comment
    10|10000 characters needed characters exceeded