Report: username R/3-his roles-profiles (like SU01).
Hi,
I need to report my users (by username R/3) and his roles and profiles - exactly like SU01. I used tables like UST04, UST10S, UST12, AGR_1016 but I didnt get any correct result - never like SU01. Is there any class or ...?
Thanks, zd.
Hello,
For roles you can use something like this -
CALL FUNCTION 'PRGN_READ_ACTIVITY_GROUPS'
EXPORTING
TIME_DEPENDENT = ' '
call_by_su01 = 'X'
TABLES
USERS = PRGN_USERS
ACTIVITY_GROUPS_USERS = I_ACTIVITY_GROUPS_USERS
EXCEPTIONS
NO_ACTIVITY_GROUPS_AVAILABLE = 1
OTHERS = 2.
For Profiles, you can make a call like this -
CALL FUNCTION 'SUSR_GET_PROFILES_OF_USER'
TABLES
USERS = USERS
PROFILES = PROFS
EXCEPTIONS
OTHERS = 1.
For both the function module you need to pass the username(s) in the first tables parameter.
Hope that helps...
Regards,
Anand Mandalika.
Similar Messages
-
BADI or User Exit for role/profile assignment SU01/PFCG
Hi ABAP gurus,
I need a way, BADI, UserExit to do some verifications over a role or a profile before is assigned in the Tcode: SU01 and PFCG.
These verifications prevent the assigment of critical roles, transacction or access to tables.
Any information about this topic it would be very helpful...
thanks...Hi RAFAEL ,
Only one exit is available for this Tcode SU01.No Exits available for PFCG
Enhancement SUSR0001 User exit after logon to SAP System
For SU01 we can check the profile assignment in program MS01CU10 and some AUTHORITY-CHECK:
AuthCheck MS01CC10 S_DEVELOP AUTHORITY-CHECK ABAP Workbench
AuthCheck MS01CU10 S_TCODE AUTHORITY-CHECK Transaction Code Check at Transaction Start
AuthCheck MS01CC10 S_USER_AUT AUTHORITY-CHECK User Master Maintenance: Authorizations
AuthCheck MS01CC10 S_USER_GRP AUTHORITY-CHECK User Master Maintenance: User Groups
AuthCheck MS01CC10 S_USER_PRO AUTHORITY-CHECK User Master Maintenance: Authorization Profile
AuthCheck MS01CC10 S_USER_SYS AUTHORITY-CHECK User Master Maintenance: System for Central User Maintenance
In the same way PFCG contains some AUTHORITY-CHECK:
AuthCheck LSUPRNU18 S_USER_TCD AUTHORITY-CHECK Authorizations: Transactions in Roles
AuthCheck LSUPRNU27 S_USER_PRO AUTHORITY-CHECK User Master Maintenance: Authorization Profile
AuthCheck LSUPRNU23 S_TCODE AUTHORITY-CHECK Transaction Code Check at Transaction Start
AuthCheck LPRGN_TREEI0O S_USER_AGR AUTHORITY-CHECK Authorizations: Role Check
I hope this may helpfull.
Thank you,
Thanks,
AMS -
Critical Action and Role/Profile Analysis
Hi,
I want to know the purpose of the Batch Risk Analysis back ground job "Critical Action and Role/Profile Analysis" in RAR 5.3.
I'm assuming that I need not run this job if I do not want the critical roles/profiles like SAP_ALL to be analysed which were defined to be critical in rule architect.
Please let me know if there is any other purpose to run the BG job "Critical Action and Role/Profile Analysis".
Thank you,
ParthaHello Partha,
You got this right. It will analyze the defined critical actions/roles/profiles.
Regards, Varun -
How to generate profile like report in APEX
Hi,
I am trying to create a report similar to Image: !http://www.nomagic.ie/sample_report.jpg! . I thought this will be easy if I create a form and fetch rows for reach section seperately during page rendering. Each each is coming from different table . I am okay with this approach, However there are couple sections that have multiple rows . I am wondering, If there is any better way in APEX to generate profile like report.
Thanks
AaliHi Aali
You could do this using reports rather than forms and you'd just need to have two columns returned by each query and change the alignment to mimic that look.
Then just create a custom report template that looks the same as that (removing all borders etc).
>
I am okay with this approach, However there are couple sections that have multiple rows
>
I don't understand what you mean by this?
Cheers
Ben -
Analysis Authorization (Role, Profile and Direct Assignments)
<b>Analysis Authorization Question:</b>
1) In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.
2) Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign Reporting Authorizations as per the process defined in BW 3.x system.
3) Customer sometime have 100 + Roles to have 3.X Reporting Authorizations. This is Managed, assigned, approved using role concept.
<b>
Migration Options:</b>
1) New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned Like Company code 1100 not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.
2) Analysis Migration Tool - RSEC_MIGRATION does not update ROLES. It creates or changes PROFILES.
3) Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.
<b>Questions</b>
a) This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.
b) Does any one use direct assignment to Users? It is good business practice?
c) Is <b>Profiles</b> recommended method of Authorization Maintenance?
d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.
Just want to check how other folks have done migration that can be supported going forward.
Pankaj GuptaHey Pankaj,
In general, assigning the analysis authorization directly to user makes a lot of sense for granular levels of authorization. For example, if you had 3,000 users, 3,000 specific authorization combinations, and 3,000 roles, using roles is a lot of additional overhead. If you had 12 roles and 3,000 users, your role concept makes a lot of sense.
Therefore, the recommendation is that it varies on what makes the most sense logically. Authorization groups can be created to group analysis authorizations and combine them. Also, you have the ability to generate analysis authorizations using the Content Datastores for this. That is an option as well.
RSEC_MIGRATION does use profiles as you've stated. If you want, there would be manual work to convert to roles afterwards. In case you haven't seen Marc's presentation on security, it's pretty good and covers how to generate authorizations from the datastore.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce -
Report to view all the Roles and Transactions assinged to a particular user
Hi,
I need to develop a report to view all the Roles and Transactions assinged to a particular user along with the Authorization values. So, if provide the Username, the report should be able to give Roles, Transaction Codes and the fields and thier authorization values for that TCodes..
Regards,
Sreenivas RajuTry this FM once - SUSR_USERS_LIST_ALV . It provides a list with Roles, Profiles, and also a detail button to check the authorization values etc.
Also try this FM - SUSR_USER_DISPLAY_WITH_AUTHS, SUSR_USER_AUTH_FOR_OBJ_GET , SUSR_USER_DISPLAY_WITH_S_TCODE -
Report listing of menu items/roles
I need to get a listing for my customers of all menu items and the corresponding roles which have access to them. Does anyone have code or know how to get this information? thanks - sandi
Hello,
I was wondering whether usage of B1 queries could not help to solve this requirement.
Are there any other specific requirements on structure of the report, sorting, filtering, selection criteria, print layout templates?
In which business situation, customer would like to utilize these reports? What are his/her needs?
Thank you.
Peter Dominik
SAP
B1 Product Definition -
Is file created by report CRMD_UI_ROLE_PREPARE mandatory in CRM Role Design
Hi All,
The CRM 7security guide mentions usage of file created by report CRMD_UI_ROLE_PREPARE for Designing role. Can anyone suggest, whether it is Manadatory to perform this report.
I have designed Role, WITHOUT using this report.Hi Raghu, your explaination is not clear to me.
my understanding-The report produces the file from a Business Role, which contains Services/BSPs,etc.... This file needs to be imported into Menu Tab, by option 'Import From File'. So, when these Services/BSPs are added into Menu tab, they will auto-populate their SU24 entries(authorization objects) in Authorization Tab(like in Transaction Codes)
Could you be clear on "report CRMD_UI_ROLE_PREPARE will help you with generating the CONTENT automatically", as mentioned by you. Which CONTENT: Entries(Services,etc...) in Menu Tab OR their SU24 auth. Objects.
Also, "you can import the file from PFCG profile menu" is not clear. Which MENU are you referring here? The MENU tab which contains Services/BSPs,Transaction Codesetc.. OR the MENU bar inside Authorization Tab
Could you suggest on this, as i this is what i am desparately looking for -
Display interactive report rows based on user role.
Hello,
Can anyone please help me out with this issue. i have an interactive report and now i want to make this report as conditional based on user role. Like i want to dispaly all the report rows for an Admin user role and for a developer I want the report to display only his/her rows. Can anyone please help me how can I resolve this issue.
Do I need to have two separate reports for each role or can we make achieve this with only one report.
thanks,
OrtonHere is a possible answer.. Build your Interactive report off of a collection. And when you build the collection you can build an if statement to either build your select with or without the filtering of user_id..
See this blog entry for how to build a interactive report from a collection: http://www.oracleapplicationexpress.com/tutorials/71-oracle-apex-interactive-report-based-on-plsql-function
Thank you,
Tony Miller
Webster, TX -
Structural authorization : role, profile, user group
Dear All,
I am working in OM in Structural authorization, can anyone tell me difference among Roles, profile, user group.
I am mainly concerned with roles and profiles, What exactly is role and what is profile.
Pl give me practical example....
Regards,
KumarHi kumar,
Roles: It is divided in to single role and Composite Role. It is used to maintain your list of allowed transactions and reports as a menu. Once you assigned this role to the user, he / she can access only those transactions, what you maintained in the menu.
Profile: It is based on the authorization object. Unless untill, you generate the profile, the system will not consider the authorization for the assigned menu. You can provide the authorization based on various objects like infotype, transaction code, master record, org key,..
User Group: Used to set the unique set of rules for the specific user. How system should react in case of specific user group.
Good Luck
Om
Reward it, if u feel helpful. -
Solution Manager 4.0 Solution Monitoring User -Roles-Profiles for Satellite
Hi All,
I have installed Solution Manager 4.0 (OS -Linux ,Database - DB2) .
Now i need to connect solution manager to the R/3 4.6C
Satellite Systems (DEV, QAS ,PRD) for Solution Monitoring
and Service level Reporting .
I have read the configuration guide , but unable to get clear idea .
1) what users (alos type of user -Dialog , Service, Communication etc) do i need create in DEV , and Test in QAS for solution Monitoring .
2) what exact roles /profiles need to be assigned to these users in satellite systems .
3) what users/roles /profiles needs to be done in SOLMAN system
i have applied all the required plug ins and support packs
in satellite systems and solman 40 ..
Please advice . Your response will be a great help for me .
SatishHello Satish,
Just clarify, if u have meant connecting the satellite systems for EWA reports to be precise. Early watch Reports. If its is the case, then repond so that i can putin my inputs which may be helpful for you in this config.
Rgds,
Sri -
GRC AC10 RAR :"Ignore Critical Roles/Profile" option not available in
Hello Gurus,
I have configured RAR and the reports are working as usual , but i observed that i could not see two things
1) Option to select "IGNORE CRITICAL ROLES/PROFILE" during Role/User ANALYSIS under "Reports & Analytic" tab.
I checked in SPRO>GRC>AC-->Maintain Config Settings
There is a parameter "Ignore Critical Roles/ Profiles" which i first set to "Yes" and then checked in NWBC , i was unable to see the option under "Additional Option".
Later i changed SPRO setting to "NO" , then again it did not show me .
Where can i find this option , so that if i upload say 10 roles which are assigned to firefighter ID they should not be analyzed for RAR ??
2) I also could not find any option to upload "DEFAULT roles" which need to be assigned to any "NEW USER" request coming through CUP ??
Where can we make this setting, so that the basic roles can get assigned to the user when any new user request comes in.
Will you please put some light on this area ?
Thanks in advance.
Regards,
VictorHi Johanna
Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
Regards
Swarna -
RAR v5.3 - Ignore Critical Roles & Profiles = No is not Working
Hello everyone,
I have SAP_ALL and SAP_NEW configured as critical profiles in Rule Architect. I changed the Ignore Critical Roles & Profiles option to "No" to see the delta. Yet, when I run the risk analysis (ad hoc or batch) against users with SAP_ALL, it still says No Conflicts found even though I changed the config to look at SAP_ALL users.
Do I have to restart the server for the new Config to take effect? It doesn't say it in the option like some of the other Config options do, but It's the only thing that I can think of.
Thank you,
JohonnaHi Johanna
Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
Regards
Swarna -
List roles/profiles/authorizations for end user
HI All
Can anyone please give the list roles/profiles/authorizations
that needs to be added to our end user id so as to view
(Only Display) all the BEx Reports.
Points assured
Thanks
VijayaHi Vijaya,
Go through this link:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a07122ae-8216-2a10-c9a5-996717a0648b
Thanks,
Ajay -
Integration of multiple business role profiles in a single Z role profile
Hi experts,
I want to see all the work center available in service pro role and interaction center role profiles in a single Z business role prfole on the WEB UI.
Please advise me the possibilities of the integration of multiple business role profiles in a single Z role profile(Example like Administratoru2019s profile).
If it is possible what would be the approach please suggest me.
Thanks in advance
sameeraCopy one of this 2 roles which you want to use in Z role and then manualy assign additional workcenters and links to this Z role which you are still missing.
There is no standard predelivered admin role which would have all workcenters.
Maybe you are looking for
-
Error WIS 30270 in BO 4.0
Hi I'm testing BOE 4,0 SP1 Path3 in 2 new Windows 2008 64 Bits with 4 and 8 Gigas. When I create a new document WEBI (Interactive Analysis) or I open a old document (import of 3.1). It appears error WIS 30270 (The user is Administrator). Somebody c
-
HOW TO SOLVE THE R6034 ERROR IN ITUNES INSTALATION
I need toknow how to solve the R6034 error in itunes instalation becouse y can´t buk up muy phone
-
Hey, This is Praveen! I have a problem in FF 4.0 and even in the previous versions wherein when I open an .PDF file (in a new tab) from a link, the current tab loses scrolling until I switch over to the newly opened tab. Kindly address this issue. Th
-
Hi, I have a POP-UP with few controls like toolbar and trees, Resize option is enabled in the popup. While resizing the controls are not resized to fit the layout. Please let me know the ADF functionally to resize the controls in POP-UP Thanks, Prabh
-
Sample code to dynamically append bytes to pdf
Hi, I need to dynamically append bytes to pdf. It would be great if some one post sample code for that. Thanks, Veerabhadrarao