Compare Bulk Roles

Hi All Gurus,
I need to compare roles between two systems.
I know we can do in SUIM, but it allows doing just one role at a time.
I want to do Mass role comparison.
Is there a Program or Tool in SAP that allows Mass Role Comparison?
Any help will be appreciated
Thanks
Sid

Sid,
I assume dual maintenance mean you are not transporting the role(s) from one system to another. You can try using the mass role download and mass role upload of role and run SUPC after upload to generate the profiles to keep them in synch.
As far as I know, SAP does not have the report you are looking for, of course you can always develop a custom report. Many of us do that all the time. We also rely on Excel & Access to supplement reports that SAP does not provide.
With the PFCG features (transport, role download & upload), I never have to compare same role across systems, because I only maintain the role once even for a Dual Maintenance landscape (Two DEV systems – Production Support & future phase for the project). We just have the business process to download the role(s) from one system to another right after update.
Hope you find your solution.
Thanks,
Lye

Similar Messages

  • Comparing the roles b/w two systems

    hi
    to all
    i want to know is it possible to compare the roles between two system i.e., source system (old version system)and target system(new version system).

    Hi,
    Hi,
    These tcodes are mainly used to compare the authorisations objects assigned to two different users/roles/profiles etc in same or diff systems.
    To compare between two
    Tcodes
    Users----
    S_BCE_68001430
    Roles----
    S_BCE_68001777
    Profiles----
    S_BCE_68001431
    Authorizations----
    S_BCE_68001432
    Hope this helps.
    Pl award suitable points.
    Regards

  • Bulk Role Delete

    I want to unassign a set of roles for a number of users and delete the user accounts for these users.Is it possible to do this using the Bulk Action option available in SUN IDM 8.1? If so what should be the format of the csv file I need to give as input? Currently I am giving a file with the content:
    user,command,roles,resources
    206812,delete,|Remove|A:Portal LDAP:All Users,MYNMG
    But this is only deleting the resource MYNMG. It is not unassigning the role A:Portal LDAP:All Users. Can someone tell me what the error in my input file is?
    Also which option should I choose from the Action dropdown?

    Hi,
    This is the command file I use to remove roles.
    command,user,waveset.roles
    Update,206812,|Remove|A:Portal LDAP:All Users
    Hope this helps

  • Modifying bulk role

    Hello Everybody,
    I have a unique requirement . I need to modify more than 1000 roles .
    Modification is as following
    I need to change the "BSART" field of "M_BEST_BSA" object from "*" to new values. In fact document type restriction is now going to be implemented for ME21N , ME22N transaction.
    I guess manually changing each role will take long time . I tried for recording"PFCG" thru SCAT but there is lot of difference in the present roles like there multiple entry of this object in a role etc.
    Anybody can suggest a faster way doing this.
    Thanks in advance.
    Regards
    Santanu

    > I need to change the "BSART" field of "M_BEST_BSA" object from "*" to new values. In fact document type restriction is now going to be implemented for ME21N , ME22N transaction.
    >
    > I guess manually changing each role will take long time . I tried for recording"PFCG" thru SCAT but there is lot of difference in the present roles like there multiple entry of this object in a role etc.
    This is probably not going to help you, but if all the authorizations of M_BEST_BSA are in "Maintained" status for which you want to make this change and the "" had been entered manually without overwritting any existing proposal values or had itself come from SU24 as a "", then you could change it there (centrally) to make your life a bit easier.
    But you should only do this if you knew what you were doing when you built the roles already and implemented the authorization concept (including the concept of * in BSART. A retro-fit is typically too late.
    Cheers,
    Julius

  • Compare a role in two different systems

    Hi All,
    Is there way to comapare a role in 2 differnet systems as we have dual landscape for ECC.
    Thanks,
    Lisa

    @ Partha - I don't think you have got time to read the thread carefully
    @ Nishant - Your concern is right if both the system using same naming convention. In that case OP would get a warning before uploading the file. However one can change the role name in text file by replace method. Just to keep in mind to keep same char length for role name. And also to be carefull if any other data may get replaced apart from role name :-d
    Regards,
    Arpan Paik

  • Is Role blocking possible?

    Hi All,
    There are many derive roles created in development and moved to quality and production environment.
    1.Now is it possible to block selected bulk of roles for user assignment ?(So that these set of roles can not be assigned to any user in quality and production)
    2.Also One should not be able to transport these set of bulk roles from development system to the other systems ?
    Thanks in advance.

    HI All,
    Thanks for your response
    See I can restrict role assignment.... by restricting particular consultant authorization in that case I will have to change authorization of large number of users (SAP security consultant)who have authorization to assign all roles right now.
    I am looking solution at role level so that a consultant's authorization will not be changed
    And smiler case with roles transport a consultant can make roles Transport request  but those particular roles could not be attached to Transport request.
    There are around 3000 roles which should not be assigned to any end user and will be used later in business
    and roles which can be assigned are more then10,000
    If we see objects S_USER_GRP, S_USER_AGR there is Role Name field  is not taking  range like IN54 to IN90
    So is it possible to make individual entry of more then 10,000 roles in field Role name( ACT_GROUP)

  • SOD User Violation report by Business Role

    All,
    Is there a current method for generating a User violation report that shows all SOD's via the technical role and which Business role that, the Technical role is associated to in GRC?
    Currently the reports that I am seeing do provide the transaction, authorization, and technical role level of any violation and what business process triggered it but does not show which business role(s) that these conflicting SOD's reside in.  (especially if a user is assigned to 2 or more business roles)
    Audit is pulling reports of users with SOD's and asking to re-mediate the SOD but currently we have to do dumps of all of the business roles a user is assigned to and then compare the role listed in the violation with the technical roles listed in the assigned business roles of the user.
    is this available at all?  or maybe in 10.1?

    Dear Michael,
    yes exactly - the new feature comes with the note. It is also possible to implement this note in 10.0 (it's included in SP17 but can be implemented earlier).
    See the following screenshot how it looks like in an productive environment after implementing this note:
    [BR] stands for Business Role.
    Hope this answer the question.
    Bestregards,
    Alesandro

  • Mass Role Import  -- 9000 derived roles with 9 org Levels, how to get TXT

    Hello,
    I hava a problem.
    I want to use the (Mass Role Import) Bulk Role Import element in the ERM  (SAP GRC AC 5.3 )for importing SAP roles (I only found that way to import roles from SAP).
    I have 100 primary roles and more or less 9000 derived roles with 9 org Levels.
    Is there a way to get this 9000 derived roles with their 9 org Levels in a TXT file?. Or do I have to do it manually this part to insert it in the "Bulk Role Import ".
    Can someone help me?
    Thank you in advance.
    Pablo Mortera.

    Hi Mike,
    what kind of TA´s are in your role. Is it possible to integrate a "dummy" TA (without conflicting
    your SOD)?
    In my example I have CO TA´s bundled in a role:
    Role:   ZXXXX_O:CO_ORDERMANAGER_CRE - CO Order Manager Pflege
    with
    KO01 Create Internal Order ...
    KO02 Change Order ... 
    KO04 Order Manager ... 
    KOK2 Collective Proc. Internal Orders ... 
    KOK4 Aut. Collect. Proc. Internal Orders
    update this role with TA KO01 and KOKRS will be available for derivation.
    Done this manually without import in ERM.
    Reg,
    Ulrich

  • Role Comparison Results Not Clear

    I'm using transaction S_BCE_68001777, program RSUSR050 to compare a role in DEV to itu2019s PRD version.  The first screen for Compare Contained Authorizaitons  (500)  seems to report differences accurately.  But when I choose one of the different objects to see the detailed differences, the next screen (800) does not indicate the differences. It looks like each role has the same values, which is not true. 
    In a specific case, I removed Activity 01 in the DEV version.  The object has a yellow traffic light in screen 500 (good), but screen 800 shows the activities to be 01 through 04 (not good).
    The layout of this screen seems to have changed in ECC6.0 than in previous versions, so maybe I'm not using it correctly.  Did anyone else have trouble with this program's results?

    Are there other authorization instances of the object in the role?
    Yellow means it is different and not *
    Whether they amount to the same is then your problem if ranges are found (and used) and rsusr050 does not evaluate the valid values and whether or not they are in the range.
    --> Remove the ranging of field values and it will work.
    Another possible cause is profile name collisions. Search SDN for term "AGR_NUM_2" and take a closer look at the FAQ thread for common problems related to transporting roles.
    Cheers,
    Julius

  • Role Comparison Cross System - alternatives to RSUSR050

    Hello Experts,
    Would there be an alternative for Cross system role comparison outside of using RSUSR050 ?
    We have a variety of landscapes and are on different basis levels...SAP notes have corrected all but one
    which is older release level- business not ready to upgrade this one
    I have dabbled with SCMP tcode but results are not clear or complete. I was using table AGR_1250 and 1251
    Any thoughts appreciated ..
    Dan.

    Thanks Bernhard,
    i guess i need a little instruction on how to use this tcode (if that's the best method). When i compare  2 roles that are different
    SCMP notes they are the same ? but i notice there is a field that selects Role id - only allows one numeric input. Can't seem to
    get an entire display of the auth objects. I did this by entering our RFC dest and table name AGR_1251.
    Any other alternatives.   The SUIM (RSUSR050) works fine functionally and we have RFC dest but because of the differing Basis levels on this particular destination server- the results are erroneous and incomplete.  Thanks !

  • Comparison of analysis authorization roles ?

    Hello Experts,
    I am using BI7.0 new analysis authorization concept.
    I know how to compare pfcg role across systems but does anybody know how we can compare analysis authorization roles across systems?
    Thanks and Regards
    Imran

    Hi,
    Easy comparison of roles (PFUD):
    Many times the Role Comparison (Profile match up) is required after the transport of roles. One usually does it from PFCG for each role individually. For a quick solution to this problem, use transaction code PFUD.
    Please check the below link :
    http://help.sap.com/saphelp_bw21c/helpdata/en/5c/deaa7dd3d411d3970a0000e82de14a/content.htm
    http://help.sap.com/saphelp_nw04/Helpdata/EN/5c/deaa7dd3d411d3970a0000e82de14a/content.htm
    http://help.sap.com/saphelp_nw70/helpdata/EN/c1/db3fc2fd3111d5997a00508b6b8b11/content.htm
    http://help.sap.com/saphelp_mic10/helpdata/en/69/1810a4c51144dc833353183155ec88/content.htm
    Regards
    Sreedhar Reddy

  • Dynamic role Assignment in Portal using Web dynpro Java?

    Hi All,
    We have following requirement for dynamic role assignment.
    1) User Login to Portal.
    2) User Clicks on Home Tab in Portal, through RFC/BAPI, get Role from Backend(ECC) and compare the role ID with Portal Object ID through UME.
    Role gets assigned in Portal after comparison, if it exists in Portal.
    Can you please let me know what all steps I need to do to complete the above assignment.
    Thank you
    Ravi

    Thanks Tobias.
    To be precise I will explian my requirement.
    1) User Login ( User ID will be input to RFC)
    2) RFC will get Role for that user ID from Backend(ECC) and return that role ID to Portal.
    3) Now With the help of UME API, need to search role ID in Portal, If it exists, no action.
    If Role ID does not exists, then it shuld assign that role in Portal.
    Sorry for tedious comment.
    I am a bit new to webdyn pro.
    Can you please tell me each step i need to follow to complete the above requirement.
    Many Thanks,
    Ravi

  • Error that "specify a value for variable posting period (single value entry

    hi
    My query is running testing fine in RSECADMIN under some username..but when i try and open it using analyzer (under same username) it gives me error that "specify a value for variable posting period (single value entry, mandatry)" it does'nt even asks to enter variable values and gives this error message.
    However the same query appears to be working fine under different username.
    plz advise.

    Hi Abhinav,
    Just do one thing compare the Roles of two different users for which Query is getting executed and not.
    Check the Object S_RFC.
    Compare the Objects detail for Both the Users.
    Please Assign points if useful.
    Regards,
    Rajdeep.

  • Automatic Delivery creation through VMS

    Dear Automotive wizards,
    We are using the Vehicle Management system for or automotive process as a distributor and retailer.
    The sales order - delivery settings are NOT for automatic delivery creation. However, in some cases, the delivery is getting created aytomatically in the background.
    Have done some introspection in thes 'some' cases and found that they pertain to our 'used care business'. Therein we are using only standard document typesand no changes have been done in their settings. But in some of those cases whenever a sales order is created from the VMS the R3 is also creating a delivery. This delivery doenst show in the vehicle history hence has to be dug out by looking in the dpcument flow for the sales order. The order / delivery setting are NOT for automatic creation.
    Do advise how to go about resolving this unnecessary 'speed breaker' in the IS AUTO highway!
    Thanks and regards,
    Tariq

    Thanks for the pointers but I have explored that earlier and the info therein shows that the delivery was created by the same ID and at the same time when the order was created.
    In fact the user is oblivious of the situation too since he/she is working in the VMS and from there they are supposed to move on to create the order after the delivery. But this delivery gets created by itself in the R3, and you would recall that the R3 docs dont get reflect and hence do not update the VMS vehicle status. thereby the vehile status is still as "sales order created" in VMS but the R3 has as "delivery created" there being a mismatch the VMS stops further processing.
    By the above you woujld have also got to know that we dont have batch processing or anything like that, pure simple and manual creation of dlivery through the VMS.
    The strangest thing is that it happens for only some of the times, and for only some of the users. I have tried comparing he roles for access but all have the same access. Would there be any settings for storage location specific in R3 for delivery creation? or likewise?
    Thanks and regards,

  • Authorization Issue with infotype

    Dear Guru's,
             There are a couple of Customer IT that have been created. For which I have also assigned the authorization. But for some of these Infotypes though the user has no authorization he is able to access it.
            Can you guys give me a heads up on what might have gone wrong...
    Regards
    Vijaya Sankar

    Vijay,
    You may have already tried this but the first thing that pops into my head is to use SUIM.
    Roles -> Roles by authorization values  ->  plug in P_orgin or P_orgincon  (Whichever object you use)  -> then under infotype plug in the value of the infotype you DON'T want them to see.  Hit execute.  Then compare those roles to the access your users have.
    Thanks,

Maybe you are looking for

  • Itunes Store App Update dissapears

    The Itunes Store App Update dissapears , now to update an app we cannot plug the iphone and update the app from the app store like in the past. we have to update the app directly from the iphone ,   itune is missing a in itunes iphone app updater.

  • Transferri​ng data from a DOS 5.0 (Win 3.1) Computer to a Windows XP Computer - Using Labview

    In 1992 my lab purchased a Particle Size Analyzer (Microtrac series 9200) that came with a Compaq computer (DOS 5.0, Win3.1) and a printer.  Due to proprietary software restrictions I currently need to keep the analyzer software operating on the DOS

  • Trying to run itunes 9.

    I just installed the latest version of itunes from the website and it said it was successfully installed. However, when I click on the icon, it runs through its install process and at some point I get this error. Problem with Short cut Fatal error du

  • How to open .cmx files?

    Hi, I have data of images with .cmx formats.  Do you know how to open them with Adobe Illustrator on Mac? Thanks.

  • Disable cells at runtime

    Hi, I have a JTable with 5 columns. Out of which I have 3 columns with checkboxes. Column1 || Column2 || Column3 || Column4 || Column5 Cell1 (CheckBox) || Cell2 (CheckBox) || Cell3 || Cell4 || Cell5 (CheckBox)I have a checkbox outside this table. And