How to check roles ?

Similar Messages

• How to check Role based on the User ID

  Hi All,
    Based on the User ID how to check the role of the particular person[ex Employee / Manager etc].In HR module in which table the details are present.
  Thanks.
  Regards
  Tina

  Hi Tina,
  Use FM: <b>HR_GETEMPLOYEEDATA_FROMUSER</b>
  This will give you all info related to User ID.
  In parameter EMPLOYEESUBGROUP , you will get position of this employee.
  Hope this helps.
  Regds,
  Akshay Bhawgat
  Note: Some points would be nice if it helps.
  Message was edited by: Akshay Bhagwat

• How to check role assignement

  Hello,
  I would like to offer a link to a WD application from my WD application
  - but only if the user has the correct role for that application.
  Unfortunately I don't have any data about authority object, I have just the name of the role the user should have.
  Is there something like role check??
  kind regards,
        Sahla

  Hi,
        DATA: it_profiles TYPE TABLE OF bapiprof.
        DATA: wa_profiles LIKE LINE OF it_profiles.
        DATA: it_roles TYPE TABLE OF bapiagr,
              wa_roles LIKE LINE OF it_roles.
  Get details from user master data
        CALL FUNCTION 'BAPI_USER_GET_DETAIL'
          EXPORTING
            username       = sy-uname
          TABLES
            profiles       = it_profiles
            activitygroups = it_roles
            return         = it_return.
  Check table it_roles or it_profiles.
  regards

• How to do Role and Authorization check in report program

  Hi Friends,
  Please provide me your guidance on how to add or give coding to check role authorisation of a particular field, input from selection screen.
  My requirement is,
  If the Fund center filed in my select option parameter has been filled, then I have to check the role authoriszation(which was created already) in the At selection-screen event to check and give access to the user to run the process further.
  Say my Fund center is "SH'
  and my Role authorisation to be settled to all users 'ZMM_BXI'.
  How to implement in report program, Please advise.
  Thanks & Regards
  Babu.

  Sorry SDN,
  Posted in a wrong Forum page.
  Please excuse.

• How to check granted privileges on role.

  Hi,
  Can any one explain how to check granted privileges on role.
  I have created one role called ALL_SYSPRIVS
  but I forgot what privileges granted to this role
  Thank you...

  Hi Vijay,
  Last week i saw the following thread:
  Finding the privileges assigned to a user
  Re: Finding the privileges  assigned to a user
  From there, you'll be able to find a few scripts that will provide you with an overview of grants assigned to user, or role....
  HTH,
  Thierry

• How to check the privileges assigned to a role

  Hi All,
  Can you please let me know how to check the privileges assigned to a role in Oracle?
  When I query the dba_tab_privs it says no rows returned.
  Please help..
  Regards,
  Dan

  user9212851 wrote:
  Can you please let me know how to check the privileges assigned to a role in Oracle?
  When I query the dba_tab_privs it says no rows returned.
  When you've checked the manuals and identified the views suggested by other posters you will find that it's still not a trivial problem since a role may be granted to another role - which means you need to do some recursion to uncover all the privileges available to a role.
  Pete Finnigan - who specialises in Oracle security - published some appropriate scipts a few years ago; they are probably still relevant. Here's a starting link: http://www.petefinnigan.com/weblog/archives/00001243.htm
  Regards
  Jonathan Lewis

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •     &#61601;        B_BUPA_GRP
  •     &#61601;        B_BUPA_ATT
  •     &#61601;        B_BUPA_FDG
  •     &#61601;        B_BUPA_RLT•       
  Authorization objects for relationships:
  •     &#61601;        B_BUPR_BZT
  •     &#61601;        B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •     &#61601;        The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •     &#61601;        If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •     &#61601;        You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •     &#61601;        So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• How to created roles in JAVA environment

  Can anybody tell me how to create Roles and profiles in JAVA only environment?
  Thanks in advance.

  Hai,
  Please check the below link, will help....
  http://help.sap.com/saphelp_nw04s/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm
  Regards,
  Yoganand.V

• How to check whether system privilege are granted

  How to check whether system privileges like 'create session' and other ones are granted for user.
  Is there any sys table where this information is available?
  Regards - Neuron

  Keep in mind select * from dba_sys_privs where grantee = 'some-user' will give you a list of privileges granted to some-user directly. To get complete list of system privs granted to a user both directly an via roles use:
  ACCEPT USER PROMPT 'Please enter user name: '
  COLUMN PATH FORMAT A90
  SET LINESIZE 132
  SELECT  PATH,
          PRIVILEGE
    FROM  DBA_SYS_PRIVS,
            SELECT  'DIRECT GRANT' PATH,
                    '&USER' GRANTED_ROLE
              FROM  DUAL
           UNION ALL
            SELECT  LTRIM(SYS_CONNECT_BY_PATH(GRANTED_ROLE,'->'),'->') PATH,
                    GRANTED_ROLE
              FROM  DBA_ROLE_PRIVS
              START WITH GRANTEE = UPPER('&USER')
              CONNECT BY PRIOR GRANTED_ROLE = GRANTEE
    WHERE GRANTEE = GRANTED_ROLE
  /Now on top of privileges granted to a user, user also has privileges granted to PUBLIC. To get privileges user receives via PUBLIC run the above script specifying PUBLIC at the prompt.
  SY.

• How to check whether the system has eclipse environment: urgent

  Hi gurus
  can you please tell me how to check whether my crm system has eclipse envirionment.
  Thanks
  shashi

  There is no way to check whether a system is used productively or not, I believe what you mean is checking a client is productive or not in an ABAP-stack based system. Remember although a SAP ABAP system is identified by a SID but from a business perspective the system is recognized by a client, as it is a unique business identity.
  Thus, to check whether the client is productive or not in txn SCC4 check the role of the client, it will show you the correct status. The data of SCC4 is stored in table T000, you can also opt to check that.
  - Regards, Dibya

• Does anybody know how to check if the business partner has the authority

  Does anybody know how to check if the business partner has the authority to change business partner relationship?
  Best regards?
  Blake Le

  Hi,
  Do you mean that you would like to check if the user has the authorization to create a relationship, or change the validity of the relationship?
  As per SAP architecture, authorizations are assigned to users, not business partners.
  Business partners, could be assigned to users, who in turn have authorizations. This is typically seen for business partners, with the role, Employee.
  Hope this helps,
  Regards,
  Nelson.

• How many single role we can attach to single user?

  Dear Friends,
  How many single role we can attach to single user?
  Sachin

  Hi Sachin,
  The below parameter can be checked for this topic. Infact the limit is about 9000 for this parameter and typically i have seen ID's in 4.7 environment with around 150 roles or more...
  <b>Auth/auth_number_in_userbuffer</b>
  When a user logs onto SAP, the authorizations contained in the user’s profiles are copied to a user buffer in memory.  The maximum number of authorizations copied is set by this parameter.  The size of the buffer must always exceed the maximum number of authorizations as authorization checks are made only against those in the buffer.
  Refer to OSS notes 84209 and 75908 for more detailed information regarding changes to the size of the user buffer.
  Transaction SU56 shows the contents of the user’s user buffer and a total for all the authorizations in a user master record.
  Hope this info helps
  Br,
  Sri
  Award points for helpful answers

• The database structure has been modified - how to check if it happend?

  Hello,
  I have a question. How to check if the database structure has been modified? I know that there is shown a messagebox after creating table and adding some fields, but sometimes this message appear after some seconds. The problem is that I want to create table and UDO for this table, and until database structure is not modified I got an error message. If I wait and DB strucuture modifies then UDO is creating correctly.
  My question is - does anyone know how to check if database structure has been modified?
  Regards,
  Hmg

  Hi Szymon,
  I guess you are stuck up in a kinda scenario, where in, you will be populating a form with values, before the structure modifies, if this is going to be your problem, I can help you out with a work around.
  In the beginning of the process, before the creation of the UDO or tables, set a boolean value to false, and once all UDO's and Tables are created, only then, should you make it true and only after the boolean becomes true, you should proceed with populating the values from the screen.
  I really ament sure what your problem is, but one of my guys faced this problem, I then, thought even you might have a similar problem.
  Satish.

• How to check connection from SAP to reservation system?

  Dear Experts,
  May I know how to check whether the connection between SAP and the reservation system has been set up and ready to use?
  Thanks.

  Hi
  You need to check the identification code issued to the enterprise by AMADEUS must be entered in the R/3 Customizing for Travel Planning under Master Data u2192 Control Parameters for Travel Planning u2192 Define sales offices and Define API access parameters.
  External reservation system In the Travel Planning subcomponent Travel Management accesses an external reservation system connected to R/3 to carry out the queries on available travel services and to book the selected services. The reservation system currently available is the AMADEUS Global Travel Distribution system.
  For more information, see Technical Prerequisites for Travel Planning--
  Technical Prerequisites for Travel Planning
  Before you can use Travel Planning fully, a number of internal R/3 and external prerequisites or settings must be fulfilled.
  Connection to an External Reservation System
  The online booking function in Travel Planning is based on the cooperation with external reservation systems that are used to communicate with the service providers. The R/3 user has access to the following functions via the connection to an external reservation system:
  u2022 Availability query of travel services
  u2022 Transfer of additional information about selected travel services
  u2022 Price information
  u2022 Processing of reservation by the respective provider
  u2022 Synchronization of the data in SAP Travel Planning if external booking changes have been made
  In the current release the external reservation system in use is AMADEUS Global Travel Distribution. AMADEUS is a subsidiary of Lufthansa, Air France, Continental Airlines and Iberia. The reservation system it provides is in worldwide use and 160,000 terminals in 37,000 travel agencies and ticket sales centers in over 130 countries are connected to it.
  In order to carry out online booking via AMADEUS the following must have been carried out:
  u2022 Your enterprise must have signed an agreement with AMADEUS for the use of the interface and be registered at AMADEUS with a user ID
  u2022 A network connection to the AMADEUS computer center must have been opened
  u2022 The identification code issued to the enterprise by AMADEUS must be entered in the R/3 Customizing for Travel Planning under Master Data u2192 Control Parameters for Travel Planning u2192 Define sales offices and Define API access parameters.
  For questions about registration, contact the SAP & AMADEUS Competence Center:
  SAP & AMADEUS Competence Center ACC 02 Neurottstrasse 16 69185 Walldorf Germany
  Cheers
  Mukta

• How to check SSO user from database?

  Hi:
  I've posted this topic in Forms forum:
  How to check SSO user from database?
  then as I've been told, it's better to post it here, so ...... here is the question:
  I'm writing a "before delete trigger" to insert into log table before delete. Is there a way that I know from database the current SSO user when SSO users share one database user?
  Just like in Oracle Application Express there is v('APP_USER') to know the current user.
  Saad,

  End users are manipulating data through Oracle Forms(and SSO through portal) and the thing I need is to trace the SSO username from database without modifying forms, I mean purely from database taking into consideration that SSO users are sharing one database user. Is it possible?
  Saad,