VIRSA tables for users, roles and profiles sync?

Hello,
I am in a customer, implementing CC 5.2. At the first time, we tried CC 5.2 in DEV environment, and when everything was OK, we redirect RFC connectors to QA environment.
After doing user, roles and profiles sync in DEV and in QA environment too, I have 4.500 user (1.100 from DEV + 3.400 from QA) when I recover all users "*" with "user level - risk analysis" from the "Informer" tab.
It seems that "users, roles, profiles, sync" works like and "APPEND", but I did a COMPLETE syncronization not an INCREMENTAL.
If I start an analysis for QA environment, CC works properly and only analyse QA users (3.400). But I would like to clean CC tables (users, roles and profiles) in order to have a clean copy of QA in CC.
Which VIRSA tables (users, roles and profiles) I need to clean?
It is necessary to do the same with authorization and text objects? Which would be these tables?
Thanks in advance,
Victor

Hi all,
SAP GRC Support provides a script which allows you to remove a connector since it does delete all data link to it. Anyway, I would recommend a deep analysis of it and find out if it does what you really want to do.
Víctor, if what you want to do it is just to remove all user, role and profile master data (stored in tables VIRSA_CC_SYSUSR and VIRSA_CC_GENOBJ) you could upload a text file using data extractor functionality with the delete field set to X. Doing so user, role and profile master data will be removed from CC database.
In order to use data extraction functionlaity you connector must be of type "File Local".
Be careful about removing data directly from DB since, as Prem states, you might loose the DB consistency.
Hope it helps. Best regards,
   Imanol

Similar Messages

  • DB table for Derived Roles and Parent Roles

    Hi Expart,
    In which DB table the Derived Roles and Parent Roles are store .that is i need to find out the derived role and parent Role .i have completed the Complex and single role by table AGR_AGRS
    But i have to find out the table for Derived Role
    Plz help me to get those table
    Thanks in advance
    Tarak

    It's the same table as for the master role: AGR_DEFINE (field PARENT_AGR is filled for derived roles).
    ~As from Forum

  • User Role and Profile Managment

    Hi All,
    I have task on role management , i have a profile assigned to like 20 users , but one of the user is asking me to have special authorization on particular Z Table he want to have modify rights.
    in order to give the rights to this guy fro that table , i have to make this profile modified so that it will apply for all of them, so i wan to have this rights to this particular user with the same profile , does any body ahs idea how to achieve this??
    Or can any one suggest me where can i put this question in the forums??
    Thanks in advance
    Regards,
    Sundar

    Dear Sundar,
    To create new Role, use T. Code: PFCG
    Now, Provide Role's name, and Click tab: Create (in 4.6 X) or Tab: Single Role or Composite Role (In ECC 6.0). Give Description.
    Now, click Tab: Menu --> Transaction (T. Codes etc.),
    Tab: Authorization --> Change Authorization Data (Auhorization to Profile i.e. change/ Display/reate etc.)
    Tab: User (user to which Role assignment is reqd) and then click: User comparison.
    Thats it....
    Rewards accordingly.
    Best regards,
    Amit

  • Table for User Name and User ID?

    Hi Experts,
    I hv User ID, that Logs in. So, I waanna to pull the corresponding Name.
    So,
    Wher Can I find these data i.e. Which is the best Table/source?
    ThanQ.

    Yo ucan alternatively use SUSR_USER_ADDRESS_READ.
    The exporting parameter user_address would have the full name of the user in the field name_text.
        DATA: user_address LIKE  addr3_val.
        CALL FUNCTION 'SUSR_USER_ADDRESS_READ'
          EXPORTING
            user_name                    = sy-uname
    *       READ_DB_DIRECTLY             = ' '
          IMPORTING
            user_address                 = user_address
    *       USER_USR03                   =
          EXCEPTIONS
            user_address_not_found       = 1
            OTHERS                       = 2.
        IF sy-subrc = 0.
           write:/ user_address-name_text.
        ENDIF.

  • RAR: Best strategy for users/roles/profiles synchronization

    Hi all,
    Assuming that:
    1) we will be never interested about profiles risk analysis (just users and roles)
    2) roles risk analysis will be run first and after sometime (threee weeks) we will run it for users.
    and we will run batch risks analysis:
    Question 1) Is it possible to synchronize just roles and do it for users just when we want to execute risk analysis for them? Or is a best practice to synchronize always for users/roles and profiles eventhough risk analysis will not be done for all three?
    Question 2) If we execute just full sync and full risk analysis, users/roles or profiles deleted in backend between executions are also deleted from DB? or removal takes place only when executing incremental sync?
    Many thanks in advance. Best regards,
      Imanol

    Hi Imanol,
    Answer Q1: Yes, you can just select user and roles for the snych and risk analysis. Go to configuration-background jobs - shedule job. If you don't run risk analysis for profiles, you shouldn't sync and select them.
    Answer Q2: Both, the Full risk analysis will alwaly update your DB. I will recommend you, to do this job in some periodic times. The incremental sync job will as well update your DB, if anything changed in the backend system. Normally your are going to run your daily or weekly jobs with this selection.
    Thanks,
    Martin

  • Restrict GL / Cost Centre combinations for users/roles?

    Hi,
    Please could someone advise if it is possible to restrict Cost Centre and GL Account combinations during PO creation for specific users/roles?
    For example:
    Valid Combinations:
    CC A1  GL 99
    CC B2  GL 88
    Scenarios:
    Create PO with A1, 99   -> Allowed
    Create PO with B2, 77  -> Not Allowed
    I've found a related post, but not exactly my requirement - any other thoughts?  Or has anyone done this themselves?
    Authorisations - User Profile for purchasing - restrict by cost centre

    Use the user exit MM06E005 to control the CC and G/L for user dependent.
    to do that - ask ABAPer to create the custom table for user, CC and GL combination and let teh user exit read the combination from the table and give a error or warning based on your requirements.

  • BW Roles and profiles Tables

    I would like to download a list of all users and what roles and profiles each has.  I did it once before but now I can't remember the table names.  Can anyone help?

    Hi,
    Roles:
    SAP_BW_DEVELOPER
    Profile:
    SAP_ALL
    S_BW_D____
    S_BW_D____1
    Authorizations are
    S_Rs_Admwb_a
    S_rs_adw_a
    S_rs_exp_a
    S_rs_wb_all
    Links for user roles:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
    For profiles and authorisations:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
    Also chk this link..
    http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
    screenshots..
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    Hope this helps,
    regards
    CSM reddy

  • Su01 recreate old user - lost roles and profiles

    Situation: a person's sap account was deleted, but now that person needs it again with the same sap access as before
    when you recreate an old sap user account in su01,
    sap gives a message "found old user information, do you want to reacreate this".
    Press yess, then all is copied except roles and profiles (empty)....
    You can find them back via the menu : information<change dcuments for users.
    Is there a way to make sure that roles (and/or profiles) are instantly copied from the old records of the sap account (like
    the name, email user group, user parameters, etcetera)?
    Regards,
    ABC

    No. There is no such feature.
    The solution is not to delete the user but rather lock the ID and move it to a "retired" user group where it is protected. From there you can restore it again easily.
    Cheers,
    Julius

  • Table  for User Status Profile

    hi
    Please tell anybody what is the table for User Status Profile in Sales Orders? where it will stores?
    Regards
    Rajendra

    Hi,
    Use table JEST
    Here you will have to enter the object number as an input field
    Get object number from table VBAK or VBAP based on whether the status profile is attached at sales order header or at sales order item.
    Status which is active will start with letter E and the status inactive flag will be blank.
    Regards
    Ravi

  • IDOC for roles and profiles

    Hi Guru.
    I need this: I wish to export the new and the modified roles and profiles to an external non-SAP system. This non-SAP system is able to receive iDoc message.
    Is it possible? Can I find n the SAP system the change point and the iDoc to do this?
    Regards
    Manuel Chiarelli

    not for roles. no. you can:
    transport them
    up-/download them
    RFC-copy them
    but not idoc them.

  • ABAP User Roles and Query for accessing particular T- codes and Reports

    dear Gurus
    I have one problem, i want to know about ABAP User Query ,i have one requirement my user wants to Lock all the HR Std versus Customized reports in T- code SQ01,other department peoples also see the Payslips and Hr personal reports which is harmfull to the dept so i want to Lock all the reports in Std T- code in SQ01 and i have created one Customized User Roles or Query in which the T-codes and Reports are assigned only those particular user can access the T-codes and Std reports .how can it be possible i dont have any idea about user roles and Queries .
    kindly help me out or send me some documents related to user roles and queries
    regards ritesh sharma

    Hi Ritesh,
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/103cafc2-7a64-2b10-14b3-eddb7d324561
    Regards,
    Flavya

  • User role and Authority-check ?

    Hello,
    Could you please let me know how are the differences between User role and Authority-check. In a program I do not use Authority-check , And The user is not assigned to user role which contain this transaction ( for this program), Can the user execute this transaction OR he must be assigned to user role which contain this transaction to execute it . Supposing that we do not use any Authority-check in then program.
    Thanks in advance

    Hello Martin,
    I think this answers the OP's question about user not being assigned the role which contains the trxn code. As you have explained in this case the default auth. check for S_TCODE will fail & user cannot execute the trxv. (If i remember correctly the tables for this are AGR_USERS & AGR_TCODES)
    Anyways just to add to the OP's query. Auth. objects are added to profiles which in turn assigned to roles. So if you implement the auth. object in your program the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.
    @OP:
    The transactions PFCG & SUIM might interest you. Also the tables dealing with these stuffs begin with AGR*. You can check the tables for better understanding.
    BR,
    Suhas

  • Developing security Roles and profiles

    Hi Team,
    Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
    Regards,

    Hi,
    Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
    user masters: USR01 to 09, UST04,
    profiles: USR10, USR11, UST10S, UST10C,
    authorisations: USR12, USR13, UST12.
    password exceptions USR40.
    History tables(may not be applicable but FYI): users: USH02, USH04,
    profiles: USH10, auths USH12.
    R/3 Security Tcodes
    End User Transaction Code  Menu Path   Purpose
    SU3  System > User Profile> Own Data  Set address/defaults/parameters
    SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
    SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
    Role Administration Transaction Code  Menu Path   Purpose
    PFCG
    Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
    PFUD   Work on SAP check indicators and field values
    Select: Copy SAP check IDu2019s and field values
    Installation
    1. Initial Customer Tables Fill
    Upgrade
    2a. Preparation: Compare with SAP values
    2b. Reconcile affected transactions
    2c. Roles to be checked
    2d. Display changed transaction codes
    SU24
    Same as for SU25:
    Select: Change Check Indicators > Maintain Check Indicators>Maintain 
    Regards,
    Srini Nookala

  • Security roles and profiles

    Hello,
    Could you please provide information on "security roles and profiles "
    I would appreciate.
    Regards,
    Alex

    Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
    In specific Role -> Authorization -> click on Display Authorization Data.
    Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
    User Section: defines who has access to this role.
    Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
    Hope that helps.
    thanks.
    Wond

  • Table contain user name and tcode

    Dear Experts,
    Can you tell me which Table contained user name and tcode field?
    Thanks and Best regards,
    wilson

    You need to be even more carefull with parameter transactions.
    If SU24 is not maintained for them, PFCG will pull the proposals from the core transaction (via which the parameters are used in the skip screen feature...). If the core transaction has authority proposals for S_TCODE, then you will get those tcodes and their proposals as well.
    A carefull choice of menu objects (not only limited to Tcodes), taking heed of SU24 defaults and tuning it to meet your needs is the key. But it requires organizational discipline and good training, otherwise rather dont use it for anything other than important objects which you want to control manually only, even if your business roles are a mess.
    You can also restrict the authorizations of the security admins for example (as unpopular as that may sound... to segregate authorization concept development (SU24 etc), role building development (PFCG etc) and user administration (SU01 etc). Object S_USER_TCD also has a field called TCD...
    There are also other objects (as Dipanjan has pointed out) which have TCD as a field of an object which is not S_TCODE. In addition to I_TCODE, Q_TCODE, P_TCODE, see also S_IDOCMONI for example.
    To be honest I have given up on trying to find them all
    The easiest solution is to use the menu and maintain SU24 when the transaction is configured or the application is developed and tested. That is what SAP does as well in SU22. It is more work upfront, but more sustainable in the long run.
    If your users (and auditors) only see the menu (and use the SUIM --> Executable transactions) options, then you can get away with it in the short or even medium term. Latest when someone else need to maintain the roles they will hate it...
    My 2 cents,
    Julius

Maybe you are looking for

  • Animated GIF Export issues

    I have a simple Flash animation which I'd like to be made into a transparent GIF. When I do the GIF export, only the first frame of my movieclips (which are placed in the main timeline) get rendered. It seems like Flash only records the main timeline

  • Can i have two devices sharing one itunes account

    i currently have my iphone synced with my itunes account, i have just bought a ipod and want it to share the same itunes account, library etc, how do i do this without wiping it off my phone when ading the new ipod ??

  • Choppy video playback with FCP 6 and 5D footage already converted to Apple ProRes 422

    I am trying to edit a film I shot on the Canon 5D using FCP 6. I converted my raw files from the Canon 5D to Apple ProRes (HQ) . But as I try to work on the timeline everything is super choppy and drops frames constantly. I am trying to sync audio as

  • Zen Vision M not connecting

    ?I've searched through everything I could find here and tried them all, to no avail. Here's what's happened. My Zen Vision M (30 Gb) wouldn't start when connected to 3 different PCs I use it with. I figured it needed firmware update or something, so

  • How to populate form data in jsf

    Hi I have 2 questions about how to do things in jsf, i have been working with struts and so will give example of what i would do in struts I have a jsf page for login, when i authenticate the next screen is a table with bunch of data, Where do i popu