Role Comparisons across Mutliple Systems

Does anyone know an easy way to do a role compare across multiple systems?  Using the current SUIM reports only limits a compare between two systems.    Need to be able to look at the complete landscape from based upon a role.  Can SOLMAN help with this ?
Any info or ideas would be great.
Thanks

Hi Mark,
The best possible way is that you can schedule a job in every system which runs every 30 mins and it will do the user comparision for you in each of the systems. I have seen this working in one of my clients. For more information about this job you can search. Meanwhile let me check i can find the details for that job.
Thanks,
Avneesh

Similar Messages

  • Mass Roles Comparison in ECC System

    Hi Forum,
    I am know working on Role-Redesign project, which involves about 4000 roles.
    We have to eliminate the roles, which have same transactions and activities.
    SUIM provides only single role comparison....
    Is there any possibility to compare set (range of) of roles with a set (range of) of role in ALL-COMBINATIONS. 
    Regards.
    Sathish Ram.

    Hi Surya,
    There is one way. Download the roles in excel files. I would suggest not more than 80-100 roles in one go. Then for each file convert the various columns into one column using concatenate function. Now for a given set of roles you will 2 files one for each of the involved systems. Now create a third files in which you collate the date from both the original source files and then do a column comparision. It is tedious but in given circumstances the shortest way. I think it will take less time then do role comparision on one to one basis. Take help from an MS excel expert.
    Regards.
    Ruchit.

  • Role Comparison Cross System - alternatives to RSUSR050

    Hello Experts,
    Would there be an alternative for Cross system role comparison outside of using RSUSR050 ?
    We have a variety of landscapes and are on different basis levels...SAP notes have corrected all but one
    which is older release level- business not ready to upgrade this one
    I have dabbled with SCMP tcode but results are not clear or complete. I was using table AGR_1250 and 1251
    Any thoughts appreciated ..
    Dan.

    Thanks Bernhard,
    i guess i need a little instruction on how to use this tcode (if that's the best method). When i compare  2 roles that are different
    SCMP notes they are the same ? but i notice there is a field that selects Role id - only allows one numeric input. Can't seem to
    get an entire display of the auth objects. I did this by entering our RFC dest and table name AGR_1251.
    Any other alternatives.   The SUIM (RSUSR050) works fine functionally and we have RFC dest but because of the differing Basis levels on this particular destination server- the results are erroneous and incomplete.  Thanks !

  • Distribution of (PFCG) roles on several ERP systems

    Hi experts,
    let's assume we have 1 system where roles are beeing developed and distributed from (single source of truth) and we want to dsitribute it to several other ERP systems (including dev, quality assurance and prod systems). What possibilities do you see to more or less perform this process automatically ? Is it possible to distribute them via ALE ? I have not found an IDOC type for this. How would you distribute all Z-Roles on other systems ?
    Thanks !
    Regards,
    Max

    Hi Max,
    The possible options for you are:
    1. Download and upload the roles in each develoment system, re-generate the profile and transport the roles across the landscape.
    2. Using the RFC function, read the role from a source system.
    You can refer the below SAP help document that provides your mode information:
    http://help.sap.com/saphelp_nw70/helpdata/en/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
    Regards,
    Raghu

  • Integrate GRC 10.1 with CUA and how to import roles from CUA & Child systems into GRC for provisioning

    Hello,
    I am trying to integrate CUA into our GRC 10.1 system through the below steps and so far I have completed the below steps following SAP Notes 1680108 and 1616121:
    1. Connected CUABOX to GRCBOX like a plug-in system.
    2. Updated CUA Global System and CUA Model Distribution in Maintain CUA settings under User Provisioning.
    3. Next I am trying to import the roles from CUA(CUABOX) into GRC(GRCBOX) to be able to provision roles in CUA Child Systems(ECCBOX).
    After reading few discussions in SCN, I have figured that we have to download a template in Role Import and populate it accordingly to upload the CUA child system roles into GRC system for provisioning in CUA Child Systems.
    Unfortunately, this template has multiple fields and I am unable to determine the fields that should be populated as CUA Global System and CUA Child System to import into GRC. Also, when we upload CUA Child System Roles template what selections should be made in Role Import window.
    Any help in this regard is very helpful.
    Thank you,
    Pawan

    Hi Alessandro,
    I have "Create user if does not exist" setting checked for both change action and assign role action and also have CUA enabled. Here is the list of steps that I am performing:
    1. Create an access request for new account, T-CUA_CHILD and select a role from a child system ECC Z_ECC_ROLE_IN_CHILD_SYSTEM.
    2. Approvals provided to assign the ECC role.
    3. I see the following in GRFNMW_DBGMONITOR_WD.
               Auto provisioning activity at end of request at Path GRAC_DEFAULT_PATH and Stage              GRAC_SECURITY
                   New User:T-CUA_CHILD created in System(s): ECC (created without role assignments)
                   T-CUA_CHILD User does not exist in target system CUA
    GRC created an account without role assignment in ECC but also throwed me an error that the user does not exist in CUA.
    However, if I select roles from both CUA and ECC it creates the account in both systems with the selected role assignments.
    So I am wondering if there is way to provide CUA access to users by default for new account requests types. I have tried setting up default roles for CUA but it does not assign the roles by default until I select the CUA system.
    Thank you for your help!
    Pawan

  • CUA Roles residing in Child system are not showing in Central System

    I just hooked up CUA today and have linked 8 child systems to the central system.  The 8 child system users and roles have already been established in the child systems.  Do I need to run program susr_zbv_get_receiver_profiles in each of the child systems to get the roles in the child systems to show up in the Central System for each user?  I tried this in one child system and it worked.
    Or is there something else I need to do without going into each child system?
    I tried this program susr_zbv_get_receiver_profiles in the Central system but it did not work.

    are you looking for roles or profiles? profiles will not show up in the central system. If you run SCUL do you see anything? when you first added the child system did you use an SAP user that had the proper permissions? In both the child and the parent? There are two roles that the user must belong to to add the child to the parent they are SAP_BC_USR_CUA_SETUP_CENTRAL and SAP_BC_USR_CUA_CENTRAL.
    If you have any question about the permissions of these user at the time you added the child to the parent I'd delete the child and re-add with either the above roles or a user with SAP_ALL in BOTH the child and the parent systems

  • Cannot find role SAP_SDCCN_ALL in satellite system

    Hi,
       I cannot find the role SAP_SDCCN_ALL in satellite system. The sattelite system is R3 4.7 PI 2003_1_470, PI_Basis 2003_1_620. Did anyone of you encounter the same problem?.
    Regards
    Anil

    Hi Anil,
    the role SAP_SDCCN_ALL is shipped with ST-PI 2005_1_*.
    In this ST-PI release the new transaction SDCCN is shipped first time. This transaction replaces the old SDCC. So it is quite clear that in the ST-PI 2003__ the role is not available.
    So please upgrade your ST-PI and you will get the new SDCCN.
    This SDCCN has the following new features and functions. You can send data to more then one Solution Manager.
    If you have installed the new ST-PI and you are generating then RFCs (the SM_*_BACK), the tool automatically assigns this destination to the SDCCN, so then automatically the SDCCN would ask the new SolMan for new sessions.
    Also one big advantage of the new SDCCN is, if one download is required by more then one service, this download will not be collected multiple times (reduces system load), it is collected only ones. By default a new download will be collected after 3 or 6 days, this is customizing of the SDCCN.
    So I recommend to upgrade your ST-PI
    Regards,
    uDo

  • Visualizing SAP XI routing configuration across the system landscape

    Hi Experts
    Iam facing some challenges in visualizing SAP XI routing configuration across the system landscape (Development, Quality, Production). Basically routing is based on a field (technical target system). Depending on the environment we have different target systems (different Mainframe DB that represent the same target system) configured.
    Any word/excel/ppt/pdf templates or any comments that could help visualizing routing would be highly appreciated.
    Thanks! Santosh

    Hi Santhosh,
    If you are worrieed about how your Business Systems will change when you move from Dev to QA to PROD for the Configuration in your ID, then the answer is simple.
    You can create transport target for your Business System and so when you migrate the ID objects from dev to Qa and so on, the business Systems will be automatically replaced.
    Take a look at this blog,
    /people/sap.india5/blog/2005/11/03/xi-software-logistics-1-sld-preparation
    Regards,
    Bhavesh

  • Indexing a NAS across two systems for Spotlight

    Hey all. I work for a graphics department of small business. The resident IT guy doesn't know anything abut the Macs that we use for all our designwork, so its kinda up to me to figure out all this stuff here as the resident nerd among my coworkers.
    Anyways, we currently have two systems in the office, a 2012 Intel iMac running OS X 10.7, and a dinosaur orignal Power Mac G5 running 10.5. We have a ton of files spread across both systems, and use Spotlight to pull up stuff we need quickly (as I'm sure most of you do as well XP)
    However, despite both systems being on the asme network with sharing enabled, we can't index the others drive to enable spotlight searching of the other systems content. This makes sense as I don't believe OS X is able to index another systems internal drive. So I was thinking of getting a NAS, consolidating and moving all the content we use from both systems onto said NAS, then indexing that drive on both desktops, alowing us to easily spotlight search for everything we normally use on both systems.
    I know you can easily set up a local USB or Firewire drive to be indexed via Terminal, but I'm not sure if the same thing applies to a NAS. Googling around has brought up some conflicting conjectures from multiple sources. I figure before I drop $150 of company money, I'd get a second opinion if I'm on the right track here ^_^;
    Thanks for your time, appreciate any advice you may be able to provide!

    Hey all. I work for a graphics department of small business. The resident IT guy doesn't know anything abut the Macs that we use for all our designwork, so its kinda up to me to figure out all this stuff here as the resident nerd among my coworkers.
    Anyways, we currently have two systems in the office, a 2012 Intel iMac running OS X 10.7, and a dinosaur orignal Power Mac G5 running 10.5. We have a ton of files spread across both systems, and use Spotlight to pull up stuff we need quickly (as I'm sure most of you do as well XP)
    However, despite both systems being on the asme network with sharing enabled, we can't index the others drive to enable spotlight searching of the other systems content. This makes sense as I don't believe OS X is able to index another systems internal drive. So I was thinking of getting a NAS, consolidating and moving all the content we use from both systems onto said NAS, then indexing that drive on both desktops, alowing us to easily spotlight search for everything we normally use on both systems.
    I know you can easily set up a local USB or Firewire drive to be indexed via Terminal, but I'm not sure if the same thing applies to a NAS. Googling around has brought up some conflicting conjectures from multiple sources. I figure before I drop $150 of company money, I'd get a second opinion if I'm on the right track here ^_^;
    Thanks for your time, appreciate any advice you may be able to provide!

  • How to send idocs across SAP  systems in same network

    Hello
    I wander how to send idocs across SAP  systems in same network

    Hi Jan Bo,
        please check the below link
    http://help.sap.com/saphelp_nw04s/helpdata/en/dc/6b7f3c43d711d1893e0000e8323c4f/frameset.htm
    please write if you want more detailes.
    Regards,
    S.Manu.

  • Logon is not possible because you have not been assigned to a business role; please contact your system administrator

    Hi experts,
    I'm having a problem when our project approaching the end.
    If I assigned the business role in parameter CRM_UI_PROFILE and PFCG role in SU01.
    It works fine,and the user can logon the web ui.
    Now I created a new organization model and position,assigned the business role and user to the position.
       A PFCG role was also assigned to the business role:
    Then I removed all the roles and profiles in user master in SU01.
    The user can not login CRM WEB UI and the system raised "Logon is not possible because you have not been assigned to a business role; please contact your system administrator".
    Can anybody suggest what the problem is? Is there any other settings I should make?
    I suppose that,since the user was assigned to the position the organizational model, the system can determine the user's business role, and through the business role, the corresponding PFCG role can also be determined.
    Am I correct?
    Thanks.
    Jerry

    Jerry, yes, you're right.
    Let me point you to pretty good explanation right here: Logon is not possible because you have not been assigned to a business role; please contact your system administrator
    So business role determination is taken in three steps (you can observe them in class CL_CRM_UI_PROFILE_DETERM method LOAD_PROFILES):
    1. From user's parameter  CRM_UI_PROFILE (method LOAD_FROM_USER_PARAMETER);
         If  CRM_UI_PROFILE = * then the user needs to have S_DEVELOP authorization object with OBJTYPE = 'DEBUG' (debug authorization).
    2. If not found on previous step: From organizational management (method LOAD_FROM_ORG_MANAGEMENT)
    3. If not found on previous steps: Based on PFCG roles (method LOAD_FROM_PFCG_ROLE);

  • GRC 5.3 | ERM | Disabled Role Comparison Field

    When executing a role comparison in ERM, the only way to select the role is to use the magnifier next to the field, search and select the role. As we have thousands of roles, this is not userfriendly.
    Is is possible to enable the field for role name in the role comparison "section" so that can be searched on roles using wildcards.
    Thx.

    Hello Kraell 
    Considering that this feature is not available as of now but if you still have dire need for the same, you may contact SAP if they can treat this as an enhancement request (for which you might be charged a bit) and deliver this feature to you.
    Regards,
    Hersh.
    http://www.linkedin.com/in/hersh13

  • Compare a role in two different systems

    Hi All,
    Is there way to comapare a role in 2 differnet systems as we have dual landscape for ECC.
    Thanks,
    Lisa

    @ Partha - I don't think you have got time to read the thread carefully
    @ Nishant - Your concern is right if both the system using same naming convention. In that case OP would get a warning before uploading the file. However one can change the role name in text file by replace method. Just to keep in mind to keep same char length for role name. And also to be carefull if any other data may get replaced apart from role name :-d
    Regards,
    Arpan Paik

  • Linkage of E-recruiting role in E-Rec system to the mySAP portal

    Hi,
    Anyone can assist me on how to link the e-recruiting customised role in e-rec system to the mySAP portal or R/3?
    Example, I am using mySAP portal ESS, my R/3 using ECC6 and now implementing E-rec system in mySAP portal. I did created customised role in the e-rec, how to link it to the front end mySAP portal?
    Appreaciate an expert advice.
    Thanks.
    regards,
    Rose.

    Dear Rose,
    Now you have created your own roles, you need to create URL iviews calling the E-Recruiting applications in your portal then it should work.
    Best Regards
    Christine

  • Role Creating in Central System CUA

    Hi,
    I am in the process of configuring CUA in my system.
    Please let me know if it is possible to create roles in the Central System and push it to child system
    Please advice

    I think it will help for you
    [http://help.sap.com/saphelp_nw04s/helpdata/en/b5/737c4177f1030de10000000a1550b0/content.htm]
    [https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7c16d1f4-0901-0010-528b-f101f94cb09d]
    Regards,
    Raja. G

Maybe you are looking for