Tcode within a role

Hi all,
How can I find out in which role that a tcode exist in?  For example, I have:
Roles: 1) Roles1, 2) Roles2, 3) Roles 3, ... N) RolesN
and I also have a tcode, say: ZFIUPLoad, and I would like to find out that in which roles that this tcode assigned to?
Any idea?
Thanks

Check transaction code SUIM with options available.
> Roles
>> Roles by complex Search Criteria
Enter transaction code, Execute
Check other options for additional searches. This transaction should cover all.
Hopethishelps
Hein

Similar Messages

  • How to fetch iView Properties within a Role?

    Hi,
        I have Role-A. PCD path of this role is known. With this information, programmatically I should be able to fetch a few properties of all the iViews within this Role. An iView can be at any level with in this Role-A ( like RaleA- Workset-Page-iView or Role-Page-iView) . Is it possible to fetch the properties dynamically? Do we have APIs to do this? Any help is much appreciated.
    Regards,
    Nag.

    A Good starting point is this:
    Browse Roles, Folders, Pages & iViews assigned to a user: EP6 SP2
    Once you get the iView object it's not difficult to get the properties.
    Thanks
    Prashant

  • Table for tcodes for a role at object level

    Hi Expert,
    In production we have one role that doesnot have any tcodes at menu level.We are able to find tcodes at object level s_tcode.
    I have tried in agr_tcodes table i am getting zero tcods for that role.
    Is there any way to find out tcodes for particular role which is maintained in s_tcode object.
    Thanks,

    I know you already got the answer from akshay..Still wonder why the thread is still open.. I could not resist my self to say few words....
    AGR_TCODES - Gives transaction that is added in role menu and appear in S_TCODE with standard status.
    AGR_1251 (with role name and S_TCODE) - Gives you above as well as manually added S_TCODE values.
    Also keep eye in the status for S_TCODE in output of AGR_1251 (Rest for you to explore) so no need to enter the role manually to see whether the object is added manually or standard....
    Arpan

  • Cannot trace the transaction code within a role

    Hello All,
    We, in our project trying to trace out various transaction codes assigned to each of roles.
    I have an issue tracing an transaction code FB60. When i searched in suim for transaction codes within the role, I could see FB60 listing in the results.
    But when i go to role through pfcg and see in the menu tab i cannot find the transaction code there.
    what went wrong here? Now i want to remove the transaction code from the role so that next time when i use suim it wont be listed in the results.
    Kindly advice.
    Regards,
    Brahmeshwar Poloju

    HERE IS THE OUTPUT.
    OBJECT     AUTH         VARIANT FIELD      LOW                                      HIGH
    S_TCODE    T-DC84003900         TCD        SCPE*
    S_TCODE    T-DC84003900         TCD        SDD1*                                    SE03
    S_TCODE    T-DC84003900         TCD        SE07                                     SE16N
    S_TCODE    T-DC84003900         TCD        SE17                                     SECQ*
    S_TCODE    T-DC84003900         TCD        SEEF*                                    SI24_12
    S_TCODE    T-DC84003900         TCD        SI2414                                   SIBU
    S_TCODE    T-DC84003900         TCD        SIC_*                                    SLAT
    S_TCODE    T-DC84003900         TCD        SLG0                                     SLIB_*
    S_TCODE    T-DC84003900         TCD        SLIN                                     SLXT
    S_TCODE    T-DC84003900         TCD        SM30
    S_TCODE    T-DC84003900         TCD        SM31                                     SM37
    S_TCODE    T-DC84003900         TCD        SM50
    S_TCODE    T-DC84003900         TCD        SM51
    S_TCODE    T-DC84003900         TCD        SMAR*                                    SMEZ
    S_TCODE    T-DC84003900         TCD        SMTH*                                    SNLS
    S_TCODE    T-DC84003900         TCD        SNRO                                     SO99
    S_TCODE    T-DC84003900         TCD        SOACARRY*                                SOTR*
    S_TCODE    T-DC84003900         TCD        SP02
    S_TCODE    T-DC84003900         TCD        SCUS*                                    SDCA*
    S_TCODE    T-DC84003900         TCD        /*                                       DA_*
    S_TCODE    T-DC84003900         TCD        DC*                                      PFCF*
    S_TCODE    T-DC84003900         TCD        PFD*                                     RYZ*
    S_TCODE    T-DC84003900         TCD        RZZ*                                     SAIM*
    S_TCODE    T-DC84003900         TCD        SAIO*                                    SAK*
    S_TCODE    T-DC84003900         TCD        SAM*                                     SAPTE*
    S_TCODE    T-DC84003900         TCD        SARJZ*                                   SARTN*
    S_TCODE    T-DC84003900         TCD        SASAPCATT                                SBEA
    S_TCODE    T-DC84003900         TCD        SBI*                                     SC2_*
    S_TCODE    T-DC84003900         TCD        SCA*                                     SCBZ*
    S_TCODE    T-DC84003900         TCD        SCDO                                     SCI*
    S_TCODE    T-DC84003900         TCD        SCTS*                                    SCU3
    S_TCODE    T-DC84003900         TCD        SWF_TR*                                  SYNT
    S_TCODE    T-DC84003900         TCD        SZG*                                     TRBS
    S_TCODE    T-DC84003900         TCD        TRCM*                                    UR_M*
    S_TCODE    T-DC84003900         TCD        USRM*                                    _Z*
    S_TCODE    T-DC84003900         TCD        SWF_CN*                                  SWF_RE
    S_TCODE    T-DC84003900         TCD        SPEC*                                    SPERS*
    S_TCODE    T-DC84003900         TCD        SPP*                                     SPROJE
    S_TCODE    T-DC84003900         TCD        SQ00                                     SRT*
    S_TCODE    T-DC84003900         TCD        SSC                                      SSDZ*
    S_TCODE    T-DC84003900         TCD        SST0                                     ST05*
    S_TCODE    T-DC84003900         TCD        ST14                                     ST62
    S_TCODE    T-DC84003900         TCD        STCU                                     STKZ*
    S_TCODE    T-DC84003900         TCD        SV*                                      SWF_BA
    S_TCODE    T-DC84003900         TCD        SURAD                                    SURVEY
    S_TCODE    T-DC84003900         TCD        SU50                                     SU52
    S_TCODE    T-DC84003900         TCD        SU3
    S_TCODE    T-DC84003900         TCD        SU2
    S_TCODE    T-DC84003900         TCD        SU0
    S_TCODE    T-DC84003900         TCD        STS*                                     STYLE*
    Regards

  • Tcode in a role

    Hello Gurus,
    I'm trying to delete a tcode  vk11 from a role.
    To find which all role has this tcode, i used SUIM.
    Under one role i found this tcode in s_tocde field, but when i assigned this role to a dummy user( without removing the tcode)
    I was not able to execute tcode VK11. It says you are not authorized.
    Should I still remove this tcode from a role or its ok to leave it there?
    Thanks for your help!

    >
    Jurjen Heeck wrote:
    > > If the tcode is in S_TCODE auth object then you should be able to execute it.
    > Some transactions (or rather programs) fail immediately after starting because other required authorizations are missing.
    >
    > So technically you may be able to start it but it can still appear as if it didn't start at all because the initial screen failed to load. This is when the message becomes confusing.
    >
    > SU53 and/or ST01 may help in your research.
    Thanks Jurjen ...now I remember that, we had this problem with a t-code when we were installing Informatica...thanks again.
    but for the OP question, I tried with manually adding  VK11 and it works..atleast the first screen load..so for his issue my guess is profile is not generated.......but then I may just be speculating.

  • Segregate access to Plant within same role (Organisation level)

    Hi
    I don't seem to find out whether it is possible to segregate the access to plants in the same role
    I have a role which gives Full Access to all plants. One of them now is being closed down therefore needs to be locked down for changes and can only be given with display
    We have about 150 roles like this so the option of creating a new role to display that specific plant is not an auspicable...
    How can I do so?
    Thanks for any hint!
    Nadia

    Segregating the access within a role itself doesn't seem to be feasible.
    If you want to restrict access to that plant, you need to update the roles to exclude that plant value
    and setup a display role for that plant value.
    Regards,
    Zaheer

  • Role within a role, seperate permissions

    Hi there
    I have a role, HR, which must appear in the top level navigation. That is simple to do ... create the role, add iviews etc., mark as entry point and assign users to the role ... displays nicely.
    Now, as part of the HR section, we would like another section, namely Payroll, which is only accessible to certain people.
    I can create a new role, called Payroll, and assign certain users to that role.
    I then add the Payroll role to the HR Role ... Payroll now appears in the detailed navigation as required, but all users have access to the iviews within the Payroll role, which is not what we want.
    If I mark the Payroll role as an entry point, then it only appears in the top level navigation for users who have been assigned to the role.
    This makes me think I have the permissions configured correctly.
    What do I need to do to make detailed navigation rely on the role permissions? It would appear the permissions are being "inherited" from the parent Role, which is not what I want.
    Is there a way to get a role within a role to keep its permissions and ignore the parent permissions?
    Can I do this in the detailed navigation, or should I be trying something else?
    Should this perhaps be done at a workset level instead?
    Any help would be greatly appreciated (and no doubt points awarded)

    Thanks Marty
    I had forgotten about Merging, and that seems to have gotten me most of the way.
    I can successfully merge, and the new item only appears for the relevant users, but it merges quite high.
    I would like the merging to happen in the detailed navigation, but I can't seem to get this right.
    At the moment, I have 2 worksets, namely Home and Payroll. I set the merge properties on these 2 worksets. Home workset is then assigned to the HR Workbench role. When I log in as a user who has access to the Payroll role, then I see the HR Workbench role, and in the second level navigation, I see Home and Payroll (worksets).
    What I would like, is to have the Payroll workset appearing in the detailed navigation.
    I have tried merging on the folders in the Home workset, but still don't see anything in the detailed navigation.
    Do you know if it is possible to merge in the detailed navigation, or only top level navigation?
    Thanks for the answer ... I will reward points now

  • Room within a Role

    Hi,
      I have  a room which should be accessible to all users.So I am thinking of assigning it to a role which a user can access easily. I did this by using a url iview,But the problem is within that role the masthead and all the roles are displayed once again. I want only the room content to be displayed in that role. Can anybody tell me how to go about this?
    Regards
    Vineeth

    Hi Vineeth,
    Almost right.You have to modify the PCD ID in order to call the object via URL.
    You should replace the colon by "!3a" and each slash by "!2f".
    <b>Example</b>
    PCD ID:
    <i>pcd:portal_content/FolderA/com.sap.iview</i>
    Modified PCD-ID:
    <i>pcd!3aportal_content!2fFolderA!2fcom.sap.iview</i>
    URL prefix:
    <i>http://<portalserver>:<port>/irj/servlet/prt/portal/prtroot/</i>
    Final URL -> check with new browser instance:
    <i>http://<portalserver>:<port>/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fFolderA!2fcom.sap.iview</i>
    In earlier versions of NW you could get this URL by clicking on the preview button of an iview... And be sure to have the right security settings to execute an iView in this way.
    Hope this helps.
    Stefan

  • Illegal Tcodes error while role generation in BRM GRC 10.0

    Hi Experts,
    I am working on SP11 GRC 10.0.
    In BRM, after following all necessry steps for role creation, when I enter last stage "Role Generation" and try to generate it, I am getting error "Illegal Tcodes (system name)" as shown in below screenshot.
    I am adding SAP standard t-codes only (e.g. SU53) which are existing in the backend system but still it throws error.
    Your suggestion is highly appreciated.

    Hi Swati,
    Thanks for your reply.
    I had already applied note: 1066687 but it didn't resolve my issue.
    Note: 1441463 is valid till release 720 and I am on release 731 and SP11.
    Thanks
    Jayesh

  • Know the tcodes of a role assigned to user

    Hi
    I assigned buyer role to myself and now i want to know the tcodes of the transactional iviews running in those particular tasks.
    like in Purchasing--overview    worklist and Purchasing groupanalysis iviews displayed.
    How do i get to know about there tcodes

    Hi Neel,
    When transactional iviews get execute from that window bottom right you can get the program name details .
    Or go to the iview properties added to the buyer role here also you will get all details like t.code , system used in portal,
    System client  and all.
    Regards,
    Piyush

  • RT- not flagging violations when new tcode added to role

    Hi,
    I am using Access Enforcer and Compliance Calibrator and maintaining roles through PFCG. What I am finding is- AE picks up violations of role assignments to users as does Risk Termiantor. However if I add a new transaction code to a role through PFCG that causes a violation not in the role itself but when combined with other roles that the user already has on their account, this is not being flagged. Therefore I could have an unmitigated risk going undetected until I next run CC, which would pick it up. Has anybody else experienced this? Does Risk Terminator not pick up violations at user level when a role is updated?
    1) create role ztest1 with tcode IW32
    2) create role ztest2 with tcode MIGO
    3) assign both roles to user- testuser
    4) Edit ztest1- add tcode ME21N. Click Save
    5) Risk violation for user not flagged
    Thanks

    "I should perhaps add that I'm working here with .doc files (not .pages files) and that I edited the info.plist of Pages to give it the role of 'editor' instead of 'viewer' for all ".doc" files. Mainly to ensure that if I work on a .doc file which I want to remain a .doc file, I don't have to Save As (.doc copy) all the time but can just save in the normal way. Could this interfere with the above problem?"
    Here is your problem. Every time you open a .doc to Pages it is a new document. When you work on in Pages it is a Pages file and not a .doc file. If you want to work in PAges save the file as the generic .pages and do the export for .doc. Keep that name and next time you Save as Word or export as word in the same location the .doc file will be overwritten with the new one. and you'll only have on .doc file and one .pages file.
    If you want only have .doc files don't use Pages.

  • Maximum Number of tcodes in a role

    I would like to know whether there is any SAP reccomendation on the maximum number of tcodes in roles.  I have Security consultants colleagues who suggests that the maximum number of SAP transactions in a role must be around 40, though I have not found or heard anything from SAP or someone on such recommendations.
    We are redesigning some large roles,and divding them with 40 tx each doesnt looks a good idea to me as they will result in lot of roles and managing them would not be feasible. 
    Can anyone share their experience regarding the same. Does SAP recommend anything related to it.

    Sameer,
    I was "assured" that the key finance person would need access to all of the t-codes in a very long list - about 1300 in total.
    Checkig out what she actually uses, there are just over 30 that she uses at least once a day, another 8 she uses at least once a week, and another 7 she uses once a month. There are 4 she will use very occasionally, and I suspect we will find maybe another 2 or 3 she will use once a year (possibly a few more, but I doubt more than half a dozen).
    Although we haven't done the same work for all roles, I suspect we would find the same in several others.
    The problem is that once you have given someone access to a t-code, they will fight to keep it, even if they don't use it. Better to start with the absolute minimum, and then let them have the others, if they really will use them.

  • Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL profile

    Hi,
    Recently we have created a role extracting from SAP_ALL profile. We have deactivated many Basis, and other Critical Tcodes for our Dev & QTY systems by identifying the authorization objects.
    But- for SCC4 we want to know if there is any other way to restrict the access.
    Since we created the role by extracting the profiles from SAP_ALL. S_TCODE has * value, and S_TABU_CLI: has "X" value.
    - problem is we cant deactivate or limit the usage of S_TABU_CLI:X as we have many ZTcodes for direct maintenance, which needs this AO.
    - At the same time, we are trying hard to restrict SCC4.
    So, please suggest if there is any other alternative way to restrict Tcode SCC4, by not being able to run using the New Role.
    Regds,
    Satish.

    First of, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles.
    But if we're being practical, you could use authorization groups for tables (T-code SE54) and assign a custom auth. group to table T000. Then use this group to authorize (or actually not authorize) with object S_TABU_DIS.
    Again, this is just a practical tip. The whole "create a role from SAP_ALL" thing is a totally different subject altogether.
    Good luck!
    Dimitri.

  • Can PID (Parameter ID) be set as a default by TCODE or Role Level

    Hi, Any one has any idea if PID (Parameter ID) and its value can be set as a default at TCODE or at Role Level?
    Thanks in advance.
    Syd.
    Addendum:
    Re: Can PID (Parameter ID) be set as a default by TCODE or Role Level
    Posted: Oct 17, 2006 9:38 AM        Reply      E-mail this post 
    Thanks for the reply, you have mentioned try creating a Transaction variant or a Transaction parameter.
    Here is my question?
    1. Can we set a default Parameter ID at TCODE level so, if any user execute a transaction who has access to execute it, he will have Parameter id and its value as a default?
    2. Can PID be set as a default for SAP TCODE or Custom TCODE, or can be done for both, if it can be done then, How?
    3. Can PID be set as a default for a particular Role or profile?
    Message was edited by: Syed Alam
    Message was edited by: Syed Alam

    Hi JC,
    Yes, I agree.
    A small disclaimer however is that we dont know which transaction is being refered to.
    Creating a transaction variant with the parameter set for it could enable the use to navigate further and back again and in doing so "shed" the screen which the transaction (initially with variant parameter and skip screen) originally gave them.
    Using a user-exit to set the parameter can in some cases be closer to the functionality (irrespective of how the user gets there) and be more reliable. But in this case an adventurous user will be likely to trick it anyway if they want to.
    If the decision is made to use PIDs in the coding, then it is a decision that the user can influence the value (in my view). If coding makes insecure use of PIDs, then it is a design error in the coding.
    Cheers,
    Julius

  • Mass role creation and addition of tcodes to role menu

    Hi Folks,
    We've a requirement of building 1000's of single roles for an implementation. Our security matrix is ready with the role names and the list of tcodes to be embedded in each of these roles. What I would like to know is if we can automate a part of the process of role building i.e the following 3 steps only.
    1. Creation of the Role
    2. Addition of the tcodes in the role menu
    3. Save
    I'm aware of Ecatt/LSMW through which we can create the roles but i'm not sure if we can add the tcodes to the menu of the roles since the number of tcodes to be populated in each role will vary.
    Could anyone of you shed some light if it is possible to automate the addition of  tcodes to the role menu taking into consideration that each role will have different number of tcodes to be added to the menu and what's the best possible way to achieve this if there exists one.
    Thanks in advance for your time and suggestions!
    Guest...

    Whilst I agree that there are probably too many roles being built here, which is more of an issue with the role design / strategy, the issue of how to easily create a role for a given list of transactions is something that SAP supports via the import menu from text file option in PFCG.
    Yes you may need to write a script to cycle through all the possible role names, but we have recently had to build some roles based on actual usage, so exported transaction usage history to excel and then formatted the transactions into text files that could be imported to build the role menu.
    You will still then need to ensure any object authorisation object have the correct values set - i.e. not just starred in - but as one of the pains in build a role is getting the menu to look reasonable, I'd suggest having a look at this approach.
    Copy Menus -> Import from File is the function in PFCG in the menu tab for the role you are building
    OSS note 389675 has details of what the text file of transactions for the menu should look like.
    That should answer the question posed, rather than criticising the role design being followed.

Maybe you are looking for

  • Unable to install CSS3 Mobile Pack on Windows 7 computer

    Adobe Extension Manager says: "This extension cannot be installed, it requires Fireworks version in range inclusively between 11.0 and 11.1." Windows 7 Home Premium 64bit Service Pack 1 Intel Core i7 1.60 GHz Installed memory: 6GB Fireworks CS5 - 11.

  • Hard Drive upgarde 40G to 160G looked good, except can't install new system

    I mistakenly posted on the G3 forum. Here is my last post in that thread, and a summary of my problem (note that this computer came with OS 10.4.2 and that is what I am trying to install). We have a mac book pro and its install CDs, and a macbook 10.

  • How to pause/stop updates from App Store on iPad?

    Currently, I am on holiday making use of a prepaid mobile Internet connection. By accident I pushed the button "Update All" in the App Store. Then it started downloading 18 apps and consumed more then many MB's in just a few minutes. My prepaid Inter

  • 20" or 24" imac with a Air Desk?

    I have been using a Air Desk with my PB 17 and love its ergonomics. I was wondering if anyone has tried to set up a imac on the air desk system of supports and stands. Thanks Razz

  • Limit change access to all useres exept the one that created the document

    Hi, I wonder if it's possible to limit the change access only to the user that has created the document when it's in a specific status. This is what the customer wants: When a document is set to status K the document should be locked and no other use