Skip to Content

TCode per department and user

Jan 22 at 09:11 AM


avatar image

Hello to everyone.

I have a strange request from the business. They want a report where they give a tcode or tcodes and the program will check which department has this/these and which users.

OK, I have found a couple of tables like AGR_TCODES (Assignment of roles to Tcodes), AGR_USERS (Assignment of roles to users) and USER_ADDR (Users by address data) to find what I want.

My question is: if a user has access to a tcode that it does not belong to one of his role, how can we catch this?

For example: I have access to VA03 but none of my roles is connected to this tcode.

Is there any way to catch this?

Thanks in advance


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
Elias Kekakos Jan 26 at 11:23 AM

Finally, I found the solution to what I was looking for. Here is the selection:

SELECT DISTINCT a~von e~ttext d~department d~bname d~name_first
                  d~name_last d~name_textc c~profile
      INTO CORRESPONDING FIELDS OF TABLE gt_tcode_per_dprtm_usr
    FROM ust12 AS a
      INNER JOIN ust10s AS b
        ON  a~auth = b~auth AND
            a~objct = b~objct AND
            a~aktps = b~aktps
      INNER JOIN ust04 AS c
        ON b~profn = c~profile
      INNER JOIN user_addr AS d
        ON c~bname = d~bname
      INNER JOIN tstct AS e
        ON e~tcode = a~von
    WHERE a~objct = 'S_TCODE' AND
          a~von   IN so_tcode AND
          e~sprsl = 'G'.

I want to thank all of you for your answers.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

You could also look in your system for table UST10C for composite profiles.

Mike Pokraka Jan 22 at 01:36 PM

Sounds like SUIM should already provide what you're after, or am I missing something?

Show 1 Share
10 |10000 characters needed characters left characters exceeded

My thoughts exactly.

If a transaction is not in the roles then it must be in a profile, I guess. There were some buttons in SUIM to show the profile assignment, I believe, although never really used them.

Vinita Kasliwal Jan 23 at 02:22 AM

I think SUIM should be able to provide that detail to you.
When you search for Va03 you would see some of Standard roles or the custom roles assigned and then compare with the roles and profiles assigned to your User ID

Im attaching 2 screenshots of how Ichecked which role has that Tcode and list of roles accesible by my ID

Lastly you can also ask Security to activate trace or check in SU53 what all authorisations you have if that helps you to identify more

From creating a report for all users SUIM is the best place

10 |10000 characters needed characters left characters exceeded
Steve Guo
Jan 22 at 09:56 AM

A very useful tool to track usage of transaction: ST03N and STAD. This transaction can report on different levels how often a specific transaction is used and by which users. This can be handy in determining authorization profiles after Golive. It can also be used by Big Brother to check whether end user testing has really taken place.

If you want to write your own probram, you can trace ST03n and find where the data stores

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Thanks Steve for your answer. I already have created a report which reads the audit logs and display the tcodes that users run.

But the business is asking sth more. I hope that their request is understandable.

Thanks again