TABLE for roles !
Hey a quick question --> which is table that gives all the roles and who created them? I did try a list of AGR* but nothing mentioning this.I treid the SUIM too that too says none !
Thanks
>
george G wrote:
> Hey a quick question --> which is table that gives all the roles and who created them? I did try a list of AGR* but nothing mentioning this.I treid the SUIM too that too says none !
>
> Thanks
I always enjoy reading your questions. It's like watching American Idol, you never know what you get...
Similar Messages
-
Hello All
I can't find the right table for role description.
Can someone tell me the table name showing role description ?
Thanks &
Regards
CBI've finally find it, it's AGR_TEXTS
-
Table for Role & Authorization group
Hi Gurus,
I am looking for a table or FM to get all roles for Authorization group.
I tried in SUIM tcode but could not able to find exact DB table for these.
Giri
P.S.: To Moderator:
My earlier thread was locked for the same question, I was searching in SDN and google from last 3 days and could not able to find enough information on it. AGR_USERS, TBRG, TACT are the tables i found. But still there is a link missed between Role & Authorization Group.Thomas,
My report have selection screen with Auth group and user.
If user provides Auth. Group then need to find all roles linked to auth group and users assigned to that role.
In my investigation, there is link between Auth. Group <--> Auth. object.
Also Auth. Object <--> Role.
but still there is a fine link missing between Auth Group <--> Role.
For Eg: Auth Object S_TABU_DIS will be associated to all Auth. Groups but assigned to only limited roles.
I tried to debug the SUIM transaction multiple times but couldn't find the tables to find the link and not able to find the FM's.
if anybody have any idea to find that link between Auth. Group & Role then it will be helpful....
Giri -
Table For Role relevant TCodes & its Description
Hi,
There is any Table to get the Details of TCodes available in particular Role with its description.
If table is not there,There is any simple method to get TCode details with role.
Pls help me.Thanks in Advance.
Regards
KarthikaHi Karthika,
Use table AGR_PROF to get profiles for the requried roles.
and run the table USTSTCAP, from this table you can get Tcodes for the profiles...
hope this information can help you.
thanks,
kishore -
Tables for Role Name created through Tcode pfcg
User would Input Role Name and to that what users are attach and what value they are authorized to u2026?? Is there function module to this..
Hi,
Use this table AGR_USERS Assignment of roles to users
or try this FMs
CNV_GET_USER_ROLE
ROLE_ANALYSE_FOR_USER
Regards,
Jyothi CH. -
DB table for Derived Roles and Parent Roles
Hi Expart,
In which DB table the Derived Roles and Parent Roles are store .that is i need to find out the derived role and parent Role .i have completed the Complex and single role by table AGR_AGRS
But i have to find out the table for Derived Role
Plz help me to get those table
Thanks in advance
TarakIt's the same table as for the master role: AGR_DEFINE (field PARENT_AGR is filled for derived roles).
~As from Forum -
I need the sap bw table names for ROLE's
I need the sap bw table names for ROLE's .
thanksHi,
AGR_1251 - Authorization data for the activity group
AGR_USERS - Assignment of roles to users
AGR_TCODES - Assignment of roles to Tcodes
You can also try putting AGR* in ur search.
-Vikram -
VIRSA tables for users, roles and profiles sync?
Hello,
I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
Which VIRSA tables (users, roles and profiles) I need to clean?
It is necessary to do the same with authorization and text objects? Which would be these tables?
Thanks in advance,
VictorHi all,
SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
In order to use data extraction functionlaity you connector must be of type "File Local".
Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
Hope it helps. Best regards,
Imanol -
....OIM and SOA tables for new Request for Roles
Hello OIM experts, please help me. I need the list of database tables that get updated when we submit new request for Roles. I need the tables that get updated by both SOA and OIM during request submission and approval.
Appreciate your great help.
thanks
Edited by: Jyothi on Oct 23, 2012 3:52 AMREQUEST table stored request template related information. IN OIM 11G, you can see three level of approval, template level, request level and operation level. OIM has certain pre-defined template, that information is stored in Request table. To get information on any table:Execute below query
select COMMENTS FROM USER_TAB_COMMENTS WHERE TABLE_NAME=<Tabel name for e.g.'REQUEST'>;
It'll give info on all tables.
To know more about request in 11g:
http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/request.htm
regards,
GP -
RFC- Bapi - For Role Maintenance (Single and Composite)
We are in the process of developing an ASP.NET web application which will be used to raise requests for user and role creations in SAP.
We will be making use of Sonic ESB to update SAP through IWAY SAP adapter.
IWAY SAP adapter supports RFCs, Bapis & IDocs.
We are aware of RFCs that could be used for user creation, updating and deletion.
We have NOT come across any RFCs or Bapis for role maintenance
1) We would need RFCs for the following requirements:
1) To create a new role (single or composite role ).Creating a new role would include adding transactions to a role, deriving from an existing role or assigning more than one role to another role.
2) To update a role
3) To delete a role.
4) To get the details of an existing role
If there are no RFCs for the above requirement, will we need to create a custom RFC?
If we need to create a custom RFC, are there any transactions already available for the above requirements so that we could write a RFC wrapper?
2) Are there any RFCs that would give us the complete list of roles (single or composite) in an SAP system?
3) Are there any RFCs that would give us the complete list of transactions in an SAP system?
Presently for 2) & 3) , we are making use of RFC_READ_TABLE to read SAP tables to get the list of roles and transactions.
Thanks for your answersHi,
check these FM , i dont know it will work for u or not.
BAPI_USER_ACTGROUPS_ASSIGN User: Change entire activity group assignment
BAPI_USER_ACTGROUPS_DELETE User: Delete entire activity group assignment
BAPI_USER_CHANGE Change User
BAPI_USER_CLONE Create User with Template in Another System
BAPI_USER_CREATE
BAPI_USER_CREATE1 Create a User
BAPI_USER_DELETE BAPI to Delete a User
BAPI_USER_DISPLAY Display Users
BAPI_USER_EXISTENCE_CHECK Check a user exists
BAPI_USER_GETLIST Search for Users
BAPI_USER_GET_DETAIL Read User Details
BAPI_USER_INTERNET_CREATE Create a user in the Internet
BAPI_USER_LOCACTGROUPS_ASSIGN Change Activity Group Assignment for Dependent Systems from Central Sy
BAPI_USER_LOCACTGROUPS_DELETE Delete Activity Group Assignments in the Dependent Systems
BAPI_USER_LOCACTGROUPS_READ Change Activity Group Assignment for Dependent Systems from Central Sy
BAPI_USER_LOCK Lock User
BAPI_USER_LOCPROFILES_ASSIGN Change Profile Assignment for Dependent Systems from Central System
BAPI_USER_LOCPROFILES_DELETE Delete Profile Assignments for Dependent Systems
BAPI_USER_LOCPROFILES_READ Change Activity Group Assignment for Dependent Systems from Central Sy
BAPI_USER_PROFILES_ASSIGN User: Assign profiles
BAPI_USER_PROFILES_DELETE User: Delete All Profile Assignments
BAPI_USER_UNLOCK Unlock user
Reward points if useful..
Regards
Nilesh -
We are in the process of developing an ASP.NET web application which will be used to raise requests for user and role creations in SAP.
We will be making use of Sonic ESB to update SAP through IWAY SAP adapter.
IWAY SAP adapter supports RFCs, Bapis & IDocs.
We are aware of RFCs that could be used for user creation, updating and deletion.
We have NOT come across any RFCs or Bapis for role maintenance
1) We would need RFCs for the following requirements:
1) To create a new role (single or composite role ).Creating a new role would include adding transactions to a role, deriving from an existing role or assigning more than one role to another role.
2) To update a role
3) To delete a role.
4) To get the details of an existing role
If there are no RFCs for the above requirement, will we need to create a custom RFC?
If we need to create a custom RFC, are there any transactions already available for the above requirements so that we could write a RFC wrapper?
2) Are there any RFCs that would give us the complete list of roles (single or composite) in an SAP system?
3) Are there any RFCs that would give us the complete list of transactions in an SAP system?
Presently for 2) & 3) , we are making use of RFC_READ_TABLE to read SAP tables to get the list of roles and transactions.
Thanks for your answersHi Nicole,
I think you are in the wrong forum.... For Guided Procedures, this is only about process roles and not roles used in the ABAP Stack.
Best regards,
David -
OIM 11gR1 : Parallel approval for role assignment.
Hi,
I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.
Also, Is it possible to assign a Role instead of the users in the custom attributes ?
Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".
Will appreciate pointers to the online docs, I've search and didn't find information related to the usecase I've described.
Thanks,
Meni,Bikash Bagaria wrote:
Meni wrote:
Hi,
I'd like to add custom attributes to a role : "District security officer" and "Department security officer" (Can those be used for searching users? -- i.e. users lookup)
When the role is to be assigned to a user, I'd like the workflow engine to open tasks for the members entered on those custom attributes.Try modifying the dataset. But I think there was an issue which someone reported here which said that you cannot add additional attributes to the role dataset. Logically it makes sense because there is no custom attribute for role in OIM so dataset should not allow it either.
I've noticed that the design console allows adding custom attributes to roles.
This can be done via Administration --> User Defined Field Definitions --> UGP (Table name).
Once a field is added, you'll need to choose "Properties" and add a "Visible Field = true" prop to the attribute chosen.
This will add a custom attributes section where your attributes will be shown.
Question is how you can add a "search users" lookup instead of plain string for this custom attribute,
and how those attributes will find their ways into the BPEL composite where business decisions based on those attributes may be taken (assign task per this attribute for an example).
Also, Is it possible to assign a Role instead of the users in the custom attributes ?
Meaning, Approving user assignment of a role named "Role A" will be done by users that belong to "Role_A_Approvers".You can create request for multiple roles in a single request and in your approval process you need to dynamically set the human task assignee based on the role selected. You also need to attach the approval process to orchestration level so that it generates a separate child request for each role selected.
I'm not sure I understand how the proposed approach helps avoid the decoupling of users to role admins attribute.
The intention was to have two roles, "Role_A" and "Role_A_Approver" where people that belong to "Role_A_Approver" will be assigned workflow tasks whenever Role_A is to be granted to end-users.
Currently, each role has a "Role Admin" attribute, this attribute however holds a user and not a container of users (role)..
Will appreciate pointers to the online docs, I've search and didn't find information related to the usecase I've described.
All about requests
Thanks,
Meni,-Bikash -
Which table has Role Type and Validity
I do have role name - agr_name, which table will hold the role type - Single or Composite and Valid till date?
Welcome to SDN.
Check following tables -
AGR_AGRS Roles in Composite Roles
AGR_AGRS2 Role definition
AGR_ATTS Role attributes
AGR_CUSTOM Role Customizing objects
AGR_DATEU Personal settings for roles
AGR_DEFINE Role definition
AGR_FAVOS Personal settings for PFCG
AGR_FLAGS Role attributes
AGR_FLAGSB Role attributes
AGR_USERS Assignment of roles to users
AGR_USERT Assignment of roles to users
Regards,
Amit -
Hi Gurus,
I want prepare a purchase register . please tell me the tables for that. please help me out.
regards,
Lakshmihi,
find tables in MM-PUR (Purchasing) :
EBAN - Purchase Requisition
EBKN - Purchase Requisition Account Assignment
EBUB - Index for Stock Transport Requisitions for Materi
EINA - Purchasing Info Record: General Data
EINE - Purchasing Info Record: Purchasing Organization D
EIPA - Order Price History: Info Record
EKAB - Release Documentation
EKAN - Vendor Address: Purchasing Document
EKBE - History per Purchasing Document
EKBEH - Removed PO History Records
EKBZ - History per Purchasing Document: Delivery Costs
EKBZH - History per Purchasing Document: Delivery Costs
EKEH - Scheduling Agreement Release Documentation
EKEK - Header Data for Scheduling Agreement Releases
EKES - Vendor Confirmations
EKET - Scheduling Agreement Schedule Lines
EKETH - Scheduling Agreement Schedules: History Tables
EKKI - Purchasing Condition Index
EKKN - Account Assignment in Purchasing Document
EKKO - Purchasing Document Header
EKPA - Partner Roles in Purchasing
EKPB - "Material Provided" Item in Purchasing Document
EKPO - Purchasing Document Item
EKPV - Shipping-Specific Data on Stock Tfr. for Purch. D
EKRS - ERS Procedure: Goods (Merchandise) Movements to b
EKUB - Index for Stock Transport Orders for Material
EORD - Purchasing Source List
EQUK - Quota File: Header
EQUP - Quota File: Item
T024 - Purchasing Groups
T024E - Purchasing Organizations
T024W - Valid Purchasing Organizations for Plant
T024Z - Purchasing Organizations
T027A - Shipping Instructions, Purchasing
T027B - Texts: Shipping Instructions
T027C - Codes for Compliance with Shipping Instructions
T027D - Compliance with Shipping Instructions: Texts
T069 - Certificate Categories
T069Q - Control Data for Source Determination and Checkin
T069T - Certificate Categories: Text Description
T160 - SAP Transaction Control, Purchasing
reward points if hlpful. -
DFD diagram and ER crossmatrix for role definitions and role's privileges on objects
Hello,
Having the question on derivative use of combination of DFDs and ER diagrams ( let us be more fixes and focus on Relational model ).
In DFD there are defined external entities and functions, data flows and data stores that are forming processes.
Functions represents procedures, transactions, transformations.
Dataflows presents procedures parameters, intermediate reports, temporary table data, data that is passed , retrieved/written, signals, triggers/events that controle or trigger function...
Context of my question is focused on external entities.
External entity suppose to denote the sourced or destinationed system ( for example Archiving system ) or operator, system that is out of scope of the DFD and it is mentioned just as target or destination or source of dataflow or control flow.
In context of these understandings I am using external entitiy also for types of users of the system: staff that is triggering functions or schedulers or job managers, or reporting systems ( or components of reporting systems like for example business intelligence extraction processes ).
What is my problem that on basis of external entity definitions and E/R model also define roles and privilege classes for access to data objects.
And from those generating ddls for database roles, privileges on entitities to those roles.
But in privileges granting to role having two different kind of privileges on data objects:
- privileges that are granted on various schema objects
For example role1 has grant on tab1, view2, procedure1, package3,
- the other type of privilega is based on the scope or range of semantically defined scope or semantic area.
Semantic area is scattered through tables because of normalisation and using semantic area as entity of which primary key is
partitioning the table data through many semantic areas.
So this privilege should be granted on basis of the rows in table not column ( more semantically then structurally ...row oriented more than column ).
Both privileges that are granted to roles are also basis for functional roles
( privilege that is granted that functional role has grant to trigger or execute some function or process ).
My question is?
How do you handle modeling technology for analysis and design for role privileges and consolidation between database and functional roles ?
Grateful for any idea, experience and suggestions.Hello,
Guess I was looking for the formal sequence of steps that would bring me to the
ddls for "create role ..." and "grant privileges to role".
You can do that.
1) I assume you have logical model and it's engineered to relational model, also you have data flow diagram created
2) You need to define information structures for flows connecting "Information store" to primitive process - attribute usage of particular entities should be defined for those "information structures" processed in flows
3) You need to define create, update and delete operation for flow going from primitive process to store - read is assumed in opposite direction
4) create a role in Process model and assign primitive processes to it - list of available processes to add depends on current data flow diagram
5) You need an open physical model for your relational model
6) Select "transfer process model roles to physical model roles" from context menu of top level DFD - select roles, relational and physical model there - roles with related permissions will be created in physical model
Entity1 is divided in several subtypes for different business areas.
And account manager for business_area1 is allowed to work on subtype1 ( view on prime table )...
Different implementation of entity hierarchies are not processed correctly in that wizard - i.e to get permissions to table corresponding to child entity - that entity should be used in information structure and flow.
Philip
Maybe you are looking for
-
We are trying to load data into FDM and resulting in error : An error occurred importing the file . The view log is as follows what am i missing ** Begin FDM Runtime Error Log Entry [2008-09-26-19:08:59] ** ERROR: Code................................
-
How can I quickly load up a very large ".RTF" file ? Pages
Called a local Apple store and they were unable to answer the above question. Anyone possessing the experience in fast RTF file conversion to either Pages or Word would be helpful. -Porto Germano
-
How to clear updates from BBM on q10
Can't seem to figure out how to clear updates from BBM messenger. I. Have the Q10 any feedback would be great! Solved! Go to Solution.
-
Incorrect Log On Paramters (Windows 7 64-bit)
Hi, I just recently switched to Win7 64-bit. from XP. I'm having an issue with scheduling the report in the Central Management Console telling me that the report has incorrect log on parameters and will not run. The report is being created locally on
-
Drop Down Menus Fail in iPad Safari
Drop down menus work for a while on iPad Safari. When they stop working, i.e., any selection takes you to the Home page, if you clear cache, cookies, then they work for them. Is there a better fix for this problem?