Hello, ladies and gentlemen,
I would like to write an experimental program that would help me understand how some weird and big roles, I have here, were created. I feel that some parts of the roles come from the SU24 suggestions and some were obviously changed/ added manually.
Here is what I would like to compare
a) the ideal role, if it would be generated only (no manual changes) based on the SU24 suggestions for the "objects" listed in the role menu
The premise here is that I can generate a reasonable and usable role based on the SU24 entries only. If you think this is crazy, let me know, but also let/ help me build the report so I can learn myself:))
b) a real role - the one that exists in the system
I can get a list of the auth objects that are parts of the role easily (tab AGR_1251).
I can also get a list of SU24 suggestions for various objects I can use in the role menu.
The last step to be able to build the comparison is that I don`t know how to connect role menu entries with the role. Or better: I can easily get a list of transactions used in the menu. That`s fine. But I can also add a function module into the menu (for example) but see this one as a SERVICE in tables only, without the additional details (FM name would be nice).
So I am not able to use this "SERVICE" to go to USOBX_C and get the SU24 suggestions for the function module.
Can anybody suggest a way, how can I get a whole list of objects used in a role menu, not only the transactions?
Thanks,
Otto
Hi,
if you open a role in PFCG you can see which authorization objects were added manually to the role and which have modified values from default SU24 values (see [documentation|http://help.sap.com/saphelp_nw04/helpdata/en/5c/deaa77d3d411d3970a0000e82de14a/frameset.htm]). I don't have access to any system right now but you should be able to figure out what logic is used in PFCG. You might be able just to reuse internal function module.
Cheers
Hi Otto,
Should the 'MODIFIED' field in table AGR_1251 help here.
Table AGR_HIER, field 'extended name' (=SERVICE) OR Reporttype not equals to TR can give where Tcode is added as Service.
The comparision,of course is not so quick, specially if you have big implementation. May xls or access be also helpful here (analysing data from agr_1251, USOBT_C, AGR_TCODES, AGR_HIER).
--Kamal
Add a comment