Report: username R/3-his roles-profiles (like SU01).

Similar Messages

• BADI or User Exit for role/profile assignment SU01/PFCG

  Hi ABAP gurus,
  I need a way, BADI, UserExit to do some verifications over a role or a profile before is assigned in the Tcode: SU01 and PFCG.
  These verifications prevent the assigment of critical roles, transacction or access to tables.
  Any information about this topic it would be very helpful...
  thanks...

  Hi RAFAEL ,
  Only one exit is available for this  Tcode SU01.No Exits available for PFCG
  Enhancement     SUSR0001     User exit after logon to SAP System                    
  For SU01 we can check the profile assignment  in program MS01CU10 and some AUTHORITY-CHECK:
  AuthCheck     MS01CC10     S_DEVELOP     AUTHORITY-CHECK     ABAP Workbench                    
  AuthCheck     MS01CU10     S_TCODE     AUTHORITY-CHECK     Transaction Code Check at Transaction Start                    
  AuthCheck     MS01CC10     S_USER_AUT     AUTHORITY-CHECK     User Master Maintenance: Authorizations                    
  AuthCheck     MS01CC10     S_USER_GRP     AUTHORITY-CHECK     User Master Maintenance: User Groups                    
  AuthCheck     MS01CC10     S_USER_PRO     AUTHORITY-CHECK     User Master Maintenance: Authorization Profile                    
  AuthCheck     MS01CC10     S_USER_SYS     AUTHORITY-CHECK     User Master Maintenance: System for Central User Maintenance                    
  In the same way PFCG contains some AUTHORITY-CHECK:
  AuthCheck     LSUPRNU18     S_USER_TCD     AUTHORITY-CHECK     Authorizations: Transactions in Roles                    
  AuthCheck     LSUPRNU27     S_USER_PRO     AUTHORITY-CHECK     User Master Maintenance: Authorization Profile                    
  AuthCheck     LSUPRNU23     S_TCODE     AUTHORITY-CHECK     Transaction Code Check at Transaction Start                    
  AuthCheck     LPRGN_TREEI0O     S_USER_AGR     AUTHORITY-CHECK     Authorizations: Role Check                    
  I hope this may helpfull.
  Thank you,
  Thanks,
  AMS

• Critical Action and Role/Profile Analysis

  Hi,
  I want to know the purpose of the Batch Risk Analysis back ground job "Critical Action and Role/Profile Analysis" in RAR 5.3.
  I'm assuming that I need not run this job if I do not want the critical roles/profiles like SAP_ALL to be analysed which were defined to be critical in rule architect.
  Please let me know if there is any other purpose to run the BG job "Critical Action and Role/Profile Analysis".
  Thank you,
  Partha

  Hello Partha,
    You got this right. It will analyze the defined critical actions/roles/profiles.
  Regards, Varun

• How to generate profile like report in APEX

  Hi,
  I am trying to create a report similar to Image: !http://www.nomagic.ie/sample_report.jpg! . I thought this will be easy if I create a form and fetch rows for reach section seperately during page rendering. Each each is coming from different table . I am okay with this approach, However there are couple sections that have multiple rows . I am wondering, If there is any better way in APEX to generate profile like report.
  Thanks
  Aali

  Hi Aali
  You could do this using reports rather than forms and you'd just need to have two columns returned by each query and change the alignment to mimic that look.
  Then just create a custom report template that looks the same as that (removing all borders etc).
  >
  I am okay with this approach, However there are couple sections that have multiple rows
  >
  I don't understand what you mean by this?
  Cheers
  Ben

• Analysis Authorization (Role, Profile and Direct Assignments)

  <b>Analysis Authorization Question:</b>
  1)     In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.
  2)     Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign “Reporting Authorizations” as per the process defined in BW 3.x system.
  3)     Customer sometime have 100 + Roles to have 3.X “Reporting Authorizations”. This is Managed, assigned, approved using role concept.
  <b>
  Migration Options:</b>
  1)     New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned “Like Company code 1100” not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.
  2)     Analysis Migration Tool - RSEC_MIGRATION does not update “ROLES”. It creates or changes “PROFILES”.
  3)     Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.
  <b>Questions</b>
  a)     This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.
  b)     Does any one use direct assignment to Users? It is good business practice?
  c) Is <b>Profiles</b> recommended method of Authorization Maintenance?
  d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.
  Just want to check how other folks have done migration that can be supported going forward.
  Pankaj Gupta

  Hey Pankaj,
  In general, assigning the analysis authorization directly to user makes a lot of sense for granular levels of authorization. For example, if you had 3,000 users, 3,000 specific authorization combinations, and 3,000 roles, using roles is a lot of additional overhead. If you had 12 roles and 3,000 users, your role concept makes a lot of sense.
  Therefore, the recommendation is that it varies on what makes the most sense logically. Authorization groups can be created to group analysis authorizations and combine them. Also, you have the ability to generate analysis authorizations using the Content Datastores for this. That is an option as well.
  RSEC_MIGRATION does use profiles as you've stated. If you want, there would be manual work to convert to roles afterwards. In case you haven't seen Marc's presentation on security, it's pretty good and covers how to generate authorizations from the datastore.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce

• Report to view all the Roles and Transactions assinged to a particular user

  Hi,
  I need to develop a report to view all the Roles and Transactions assinged to a particular user along with the Authorization values. So, if provide the Username, the report should be able to give Roles, Transaction Codes and the fields and thier authorization values for that TCodes..
  Regards,
  Sreenivas Raju

  Try this FM once - SUSR_USERS_LIST_ALV . It provides a list with Roles, Profiles, and also a detail button to check the authorization values etc.
  Also try this FM - SUSR_USER_DISPLAY_WITH_AUTHS, SUSR_USER_AUTH_FOR_OBJ_GET , SUSR_USER_DISPLAY_WITH_S_TCODE

• Report listing of menu items/roles

  I need to get a listing for my customers of all menu items and the corresponding roles which have access to them. Does anyone have code or know how to get this information? thanks - sandi

  Hello,
  I was wondering whether usage of B1 queries could not help to solve this requirement.
  Are there any other specific requirements on structure of the report, sorting, filtering, selection criteria, print layout templates?
  In which business situation, customer would like to utilize these reports? What are his/her needs?
  Thank you.
  Peter Dominik
  SAP
  B1 Product Definition

• Is file created by report CRMD_UI_ROLE_PREPARE mandatory in CRM Role Design

  Hi All,
  The CRM 7security guide mentions usage of file created by report CRMD_UI_ROLE_PREPARE for Designing role. Can anyone suggest, whether it is Manadatory to perform this report.
  I have designed Role, WITHOUT using this report.

  Hi Raghu, your explaination is not clear to me.
  my understanding-The report produces the file from a Business Role, which contains Services/BSPs,etc.... This file needs to be imported into Menu Tab, by option 'Import From File'. So, when these Services/BSPs are added into Menu tab, they will auto-populate their SU24 entries(authorization objects) in Authorization Tab(like in Transaction Codes)
  Could you be clear on "report CRMD_UI_ROLE_PREPARE will help you with generating the CONTENT automatically", as mentioned by you. Which CONTENT: Entries(Services,etc...) in Menu Tab OR their SU24 auth. Objects.
  Also, "you can import the file from PFCG profile menu" is not clear. Which MENU are you referring here? The MENU tab which contains Services/BSPs,Transaction Codesetc.. OR the MENU bar inside Authorization Tab
  Could you suggest on this, as i this is what i am desparately looking for

• Display interactive report rows based on user role.

  Hello,
  Can anyone please help me out with this issue. i have an interactive report and now i want to make this report as conditional based on user role. Like i want to dispaly all the report rows for an Admin user role and for a developer I want the report to display only his/her rows. Can anyone please help me how can I resolve this issue.
  Do I need to have two separate reports for each role or can we make achieve this with only one report.
  thanks,
  Orton

  Here is a possible answer.. Build your Interactive report off of a collection. And when you build the collection you can build an if statement to either build your select with or without the filtering of user_id..
  See this blog entry for how to build a interactive report from a collection: http://www.oracleapplicationexpress.com/tutorials/71-oracle-apex-interactive-report-based-on-plsql-function
  Thank you,
  Tony Miller
  Webster, TX

• Structural authorization : role, profile, user group

  Dear All,
  I am working in OM in Structural authorization, can anyone tell me difference among Roles, profile, user group.
  I am mainly concerned with roles and profiles, What exactly is role and what is profile.
  Pl give me practical example....
  Regards,
  Kumar

  Hi kumar,
  Roles: It is divided in to single role and Composite Role. It is used to maintain your list of allowed transactions and reports as a menu. Once you assigned this role to the user, he / she can access only those transactions, what you maintained in the menu.
  Profile: It is based on the authorization object. Unless untill, you generate the profile, the system will not consider the authorization for the assigned menu. You can provide the authorization based on various objects like infotype, transaction code, master record, org key,..
  User Group: Used to set the unique set of rules for the specific user. How system should react in case of specific user group.
  Good Luck
  Om
  Reward it, if u feel helpful.

• Solution Manager 4.0 Solution Monitoring User -Roles-Profiles for Satellite

  Hi All,
  I have installed Solution Manager 4.0 (OS -Linux ,Database - DB2) .
  Now i need to connect solution manager to the R/3 4.6C
  Satellite Systems (DEV, QAS ,PRD) for Solution Monitoring
  and Service level Reporting .
  I have read the configuration guide , but unable to get clear idea .
  1) what users (alos type of user -Dialog , Service, Communication etc) do i need create in DEV , and Test in QAS  for solution Monitoring  .
  2) what exact roles /profiles need to be assigned to these users in satellite systems .
  3) what users/roles /profiles needs to be done in SOLMAN system
  i have applied all the required plug ins and support packs
  in satellite systems and solman 40 ..
  Please advice  . Your response will be a great help for me .
  Satish

  Hello Satish,
  Just clarify, if u have meant connecting the satellite systems for EWA reports to be precise. Early watch Reports. If its is the case, then repond so that i can putin my inputs which may be helpful for you in this config.
  Rgds,
  Sri

• GRC AC10 RAR :"Ignore Critical Roles/Profile" option not available in

  Hello Gurus,
  I have configured RAR and the reports are working as usual , but i observed that i could not see two things
  1) Option to select "IGNORE CRITICAL ROLES/PROFILE" during Role/User ANALYSIS under "Reports & Analytic" tab.
  I checked in SPRO>GRC>AC-->Maintain Config Settings
  There is a parameter "Ignore Critical  Roles/ Profiles" which i first set to "Yes" and then checked in NWBC , i was unable to see the option under "Additional Option".
  Later i changed SPRO setting to "NO" , then again it did not show me .
  Where can i find this option , so that if i upload say 10 roles which are assigned to firefighter ID they should not be analyzed for RAR ??
  2) I also could not find any option to upload "DEFAULT roles" which need to be assigned to any "NEW USER" request coming through CUP ??
  Where can we make this setting, so that the basic roles can get assigned to the user when any new user request comes in.
  Will you please put some light on this area ?
  Thanks in advance.
  Regards,
  Victor

  Hi Johanna
  Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
  Regards
  Swarna

• RAR v5.3 - Ignore Critical Roles & Profiles = No is not Working

  Hello everyone,
  I have SAP_ALL and SAP_NEW configured as critical profiles in Rule Architect.  I changed the Ignore Critical Roles & Profiles option to "No" to see the delta.  Yet, when I run the risk analysis (ad hoc or batch) against users with SAP_ALL, it still says No Conflicts found even though I changed the config to look at SAP_ALL users.
  Do I have to restart the server for the new Config to take effect?  It doesn't say it in the option like some of the other Config options do, but It's the only thing that I can think of.
  Thank you,
  Johonna

  Hi Johanna
  Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
  Regards
  Swarna

• List roles/profiles/authorizations for end user

  HI All
  Can anyone please give the list roles/profiles/authorizations
  that needs to be added to our end user id so as to view
  (Only Display) all the BEx Reports.
  Points assured
  Thanks
  Vijaya

  Hi Vijaya,
  Go through this link:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a07122ae-8216-2a10-c9a5-996717a0648b
  Thanks,
  Ajay

• Integration of multiple business role profiles in a single Z role profile

  Hi experts,
  I want to see all the work center available in service pro role and interaction center role profiles in a single Z business role prfole on the WEB UI.
  Please advise me the possibilities of the integration of multiple business role profiles in a single Z role profile(Example like Administratoru2019s profile).
  If it is possible what would be the approach please suggest me.
  Thanks in advance
  sameera

  Copy one of this 2 roles which you want to use in Z role and then manualy assign additional workcenters and links to this Z role which you are still missing.
  There is no standard predelivered admin role which would have all workcenters.