Role of TCode VG01

Similar Messages

• Role without Tcode but with customized "Z" Object only

  Hi all,
  Please help my querry is that with a Single Role as while seeing that role in PFCG in Menu Tab no Tcode is assigned and in the Authoriztion Tab -> change authorization tab just a single(one) Z auth object is maintained with Display actvt and i am not able to understand how this is going how the user are able to access the the Role without TCODE assigned but with just a Z authobject. please tell How this is going and working .
  Your help will be greatly appreciated and pleas tell how this Z auth object are created.
  Thanks,
  Chandresh.

  >
  > You need to provide more infos (from the system) and just asking on site is a good idea (as mentioned by Alex).
  >
  > Cheers,
  > Julius
  I agree that asking onsite could give more insight into the Z-Object usage. I can explain the probable reason of having the Z-Object as a stand alone authorization
  In a role inheritance scenario, when you have roles with 100+ transactions (role A, B,C, .......) which act as the master roles and the derived roles being A1,A2,A3...... depending on the number of inherited roles you have in the set-up, authorization objects like customer authorization group or vendor authorization group can be a tough task (as these are not called in the organization level values) - in this situation as the authorization groups would have to maintained individually in the inherited roles and can be a time consuming task with the additional risk of passing down the values of the master role every time it is generated and inherited - a better option could be to maintain a non-existent value in the master role , inherit it so the non-existent value is passed down to the inherited roles. To give access on the specific authorization groups , create a role with only the object F_KNA1_BED or F_BKPF_BED as might be the case and maintain organization specific values in these object and assign it to the users who need it
  My guess would be that the Z-object the operator mentions is something that is developed to address such an issue

• Table For Role relevant TCodes & its Description

  Hi,
  There is any Table to get the Details of TCodes available in particular Role with its description.
  If table is not there,There is any simple method to get TCode details with role.
  Pls help me.Thanks in Advance.
  Regards
  Karthika

  Hi Karthika,
  Use table AGR_PROF to get profiles for the requried roles.
  and run the table USTSTCAP, from this table you can get Tcodes for the profiles...
  hope this information can help you.
  thanks,
  kishore

• Is there any roles for Tcodes

  hi
  i created a normal tcode zcode and it runs a program to generate file at application server
  i want to know is there any roles needs to be set up for the tcode to be run by functinal is suppose not.
  Please can anyone confirm on it quickly
  regards
  Nishant

  Hi,
  Tcode is to assign a name to  a program. it is like a shortcut to show our program.We should maintain some authorizations to calling the tcode. otherwise every one access that one.
  we should put some authorizations. other people use this and collapse the data. so we should maintain the authorization.
  please reward points, if it is useful.
  regards,
  satish.

• Removal of tcode from role

  Hi Experts,
  I need to remove tcode from role menu, my requirement is as below
  I need to go in a role, search tcode in role menu and if tcode is present in role n times then remove that tcode.
  For example tcode SU01 is present in role menu 5 times then I need to remove all these 5 occurenses.
  As of now I have developed script using SECATT to remove tcode from role but it is static one,  means I already know that tcode is present 3 times then script will search tcode three times and delete and generate profile and come out.
  I want this functionality to be dynamic, i.e. I need to enter tcode only once in data input and then script should remove all occurence of that tcode from role.
  Looking forward for expert advice and comments, please let me know if my requirement is not clear.
  Thanks,
  Ashish Mistry

  Hello,
  1. Check the data base by writing ABAP Query.
  2. Get the length of the received data eg. number of record is present in the data base for your Query.
  3. Now you know exact number of T-Code so you can delete them.
  Regards,
  Bhavesh

• Role, tcode and activity

  dear all,
  does anyone know whats the relationship between role, tcode and activity?
  we can see all relationship in pfcg, but my client want a program that consist all role and tcode and activity, like role A has tcode A1 and A2, A1 can display only, A2 can change, display. i know this data can be found in table agr_1251, but unfortunately not all tcode can be found.
  any idea ?
  thanks

  Hi
  Check the following tables for your details
  AGR_USERS
  AGR_TCODES
  AGR_1252
  AGR_1250
  AGR_DEFINE
  AGR_PROF
  AGR_TEXTS
  ALSO SEE THE TCODES
  <b>SUIM, SU21 AND PFCG</b>  ETC
  <b>Reward points for useful Answers</b>
  Regards
  Anji

• Creation of roles with restricted access to infoarea

  HI !
  We need to create some custom roles in BW, which will restrict the user (with that role) to access only specific infoareas in BW,  i.e. the reports and Infoproviders etc created under those InfoAreas.
  When I tried to create a role in tcode PFCG, I dont get any such options to restrict by InfoArea. Do we have to create custom Authorization objects for this and assign them to this role? if yes, how do we create such Authorization objects?
  I am totally new to roles/profiles etc... i read the online documentations, but cudnt understand them much.
  <u>Please provide the steps to do this</u>.
  Thanks,
  SUshmita

  hi Sushmita,
  try authorization object S_RS_COMP - business explorer compnent (under RS - business information warehouse),
  you can specify infoarea, infocube
  hope this helps.

• How to track usage of tcodes for a particular Login id

  *Hi experts,*
  *Kindly tell me how to track the usage of transactions for a particular Login Id. Is there any tcode from which we can get the report for the same? If suppose 100 tcodes has been assigned to a particualr Login Id, I have to confirm whether in the last  month have the users executed all the tcodes assigned to them or not.*
  *Kindly revert for the same.*
  *Thanks & Regards,*
  *RESHMA*

  Reshma,
  The first thing you have to consider is why the tcode is in the role at first place, conventional wisdom is - Role was identified, its functions were identified (or the other way around) and then corresponding tcodes were identified to perform those functions and then role was updated with these tcodes. Now rather than approaching it through the frequency of tcode use, you shoudl revisit the business process or function and evaluate if it is still required in the role. Depending upon this requirement, you should reevaluate your role design. Usually you should just prepare the role-to-tcode matrix and have the business/Function review it periodically.
  going by frequency can be misleading, I will give you a scenario - what if the user executes a tcode only once a quarter or 6 months or a year, with rest of the time the function is performed by junior staff or some other team member through a different role. So best practice I can suggest is to review the role-tcode matrix.
  You can however check the frequency using Audit Logs in Sm18-20 as mentioned by Vikas above. These are pretty easy to configure but size of logs can get unmanageable depending upon filters.
  Regards,
  Shivraj

• HCM Authorization - Creation of separate Roles & Objects

  Hi All,
  We are developing authorisation matrix and have following doubt:
  The Scenarion is:
  - There are around 130 HR Users can be classified into 10 unique groups.
  - Each user handles from 4 - 8 locations, where locations are not part of PSA but are captured thru VDSK1 feature and stored the details in Organisation Keys
  - OM, PA, PE, PD modules along with ESS with few Custom trnsactions, workflows developed.
  My proposed solution is :
  1. Create 10 Roles only with tcodes (Trn_Roles_Grp_01 to Trn_Roles_Grp_10)
  2. Create 130 Roles without tcodes, but with objects authorisations (Obj_Roles_001 to Obj_Roles_130)
  3. For each user, assign relevant Trn_Role & Obj_Role
  Will this solution work ?  Or any better suggestions are welcome...
  Thanks & Regards,
  Vijay

  Hi,
  You solution will work, but you will have 140 roles. It is to many for 130 users.
  I can suggest you to use structural authorizations to drive scope of access by organization structure rather than enterprise structure. This will reduce number of PA role, but increase number of structural roles. However it will be more consistent approach as you will drive access to functionality by PA roles and organizational scope by OM roles.
  Cheers

• In which tabels the Roles, Usernames, Transaction codes, Change Queues

  Hi All,
      These questions are based on basis:
       WIl any one tell me where the Roles, User Names for that role, tcodes, change queues are stored.
       how they interlink to each other, how can we find the single and composite roles in the table. how can we find what time it is created and when it is changed.
        how can we find how much time the request in change queue....
  Thanks,
  Ravi

  Hi
  check the following Tables
  AGR_DEFINE - Role definition
  AGR_USERS - Assignment of Roles to users
  AGR_TEXTS - Role Descriptions
  AGR_TCODES - Assignment of Roles to Tcodes
  AGR_PROF  - profile Name for Role
  AGR_1250 - Authorization data fro activity group
  AGR_1252 - Orgn elements for Authorizations
  USR10 - Role Definition
  UST12 - User Master Authorizations
  <b>Reward points for useful Answers</b>
  Regards
  Anji

• Cannot see BEx Query in user role profile in BEx query designer

  I assigned several BEx query objects into user profile menu via t-code PFCG first.
  Then expected - when I need and open them in BEx query designer I could find them after clicking "Role" button in  "Open" window. But unfortuantely I'm not able to do that.
  Do I miss anything to archive that? Is other customizing activity else neccessary?
  Thank you for any suggestion.

  Hi Brad.Ma,
  If you can open query from Area "button", after that, you publish it to roles you want assign.
  You try generate Authoriation in Role in Tcode PFCG.
  Hope help you to solve the problem.
  Dao
  Edited by: xuandao_sap on Sep 20, 2011 3:33 AM

• How to create authorization role for just displaying query prefix Q and X.

  Hi Expert,
  I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
  Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
  where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
  -->Manually Business Information Warehouse
      --> Manually Business Explorer - Components
  Activity : Display, Execute, Enter, Include, Assign
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : *
  Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
      --> Manually Business Explorer - Components
  Activity : Display, Execute
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : Q* , X*
  Type of a reporting component : Query
  But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
  Please assist. Very much appreciate your help. Thanks.
  Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

  Question close. This issue has been resolved.

• Not Able To Find a Role For a specific Tode

  Hi Experts,
  I am trying to search a tcode.I have used as many ways as i could.
  1.Thru SUIM- Roles by transaction code.
  2.Thru SUIM- Roles by authorization value.
  3.Thru Table AGR_TCODES
  4.System trace
  5.Performed user comparision for all roles contain in my buffer.
  Also, I have checked in SE97 to check wheather there is any indirectly calling transaction code against it, but recieved no success yet.
  However ,my Colleague is able to perform that Txn.code without any authorization error.We both have exactly same roles.In my case, it is throughing missing authorization error.The Txn. code is /n/VIRSA/ZRTCNFG.
  Kindly help me inresolving the issue.
  Regards,
  Mukesh

  Hi,
  This TCode is available if your system has the GRC CC5.2 RTA. If you cann't find out the TCode in normal way (as used to do in every cases, for e.g. SUIM -> Roles by TCode assignment), please go to TCode SE84, then "Other Objects" -> Transactions. Put TCode "/VIRSA/ZRTCNFG" in the Transaction code field and execute.
  Now you can find out further to find out other related TCodes (VIRSA) corresponding to the same package (/VIRSA/RT).
  1. Go to SE16 -> table TDEVC -> put the package name and get the list.
  2. Go to SE80 -> put the package name (by selecting option "Package") and click on the Display button -> then expand the drop down "Transaction"
  FYI: This TCode is used to configure GRC Risk Terminator
  Now coming to the question, how to find out the role? The answer is very simple: You may not have the TCode /VIRSA/ZRTCNFG assigned to any role in menu (and listed in S_TCODE). Still the access to the TCode is granted due to "variable" or "range" entry in S_TCODE.
  Hope the answer is clear. Else, please let me know.
  Regards,
  Dipanjan

• How get report of all user assigned tcode & object activety wise

  Dear All,
  We need to get report of user assign tcode & assign tcode wise activety.
  Regards
  jitendra Singh

  Hi Colleen,
  but we are checked all below table related to authorization & user
  1. USR02 --> User Name
  2. AGR_USERS --> User Name & Role Name
  3. AGR_TCODES --> Role Name & Transaction Code
  4. AGR_PROF --> Role Name & Profile Name
  TSTCA
  Also,
  5. AGR_DEFINE --> For more detail role information
  USR01 contains the runtime data of the user master records
  USR02 is the table containing logon information such as the password
  USR03 includes the users' address information
  USR04 contains users' authorizations
  USR05 is the users' parameter ID table
  USR09 contains user menus
  USR10 is the table for user authorization profiles
  USR11 contains the descriptive texts for profiles
  USR12 is the user master authorization values table
  USR13 contains the descriptive short texts for authorizations
  USR14 contains the logon language versions per user
  USR30 includes additional information for user menus
  USH02, USH04, USH10 and USH12 contains Users and profile and
  authorization change history data.
  Tables related with authorizations objects and authorization fields are as follows:
  TOBJ is the authorization objects table containing the authorization
  fields for each.
  TACT contains the list of standard activities authorization fields
  in the system.
  TACTZ is the table which defines the relationship between the
  authorization objects and the activities in those objects containing
  the Activity authorization field.
  TSTC is the transaction code table where authorization objects
  and values can be defined.
  but not getting any fruit full result.
  we are try to create SQVI query but not find the corresponding table.
  created user against role & role against Tcode  but not getting tcode against activity file value for particular user
  please help me for the same

• I need the sap bw table names for ROLE's

  I need the sap bw table names for ROLE's .
  thanks

  Hi,
  AGR_1251 - Authorization data for the activity group
  AGR_USERS - Assignment of roles to users
  AGR_TCODES - Assignment of roles to Tcodes
  You can also try putting AGR* in ur search.
  -Vikram