Kontakt

Ansicht
Dokumentation

PFCG_MASS_TRANSPORT - Role Transport

PFCG_MASS_TRANSPORT - Role Transport

CL_GUI_FRONTEND_SERVICES - Frontend Services   CPI1466 during Backup  
This documentation is copyright by SAP AG.
SAP E-Book

Description

You use this program to record roles to transport requests. This can only be done in a dialog, not in the background.

Requirements

Recording is only possible if the following prerequisites are met:

  • The executing user must have start authorization for transaction PFCG (authorization object S_TCODE). If not, the program will not start.
  • The roles must exist in the current client and have technically correct type definitions (single role or composite role). You can repair roles without a type definition automatically by navigating to transaction PFCG (see SAP Note 1723881).
  • The executing user must have transport authorization (object S_USER_AGR, ACTVT = 21) for the selected roles and their imparting roles.

Selection

In addition to the standard selection for roles, the selection screen allows the user to determine the following optional transport items by selecting checkboxes ("Optional Components" box):

  • Single roles in composite roles (default setting: active)
If you select this option, all single roles contained in the selected composite roles are automatically added to the request. Otherwise, only the composite roles themselves are added.
You can deactivate this option system-wide by setting the switch SGL_ROLES_TRANSPORT to NO in table PRGN_CUST.
  • Generated profiles of the single roles (default setting: active)
You can use this option to determine whether the selected and automatically added single roles are transported with their generated authorization profiles. To deactivate the transport of generated profiles, set the switch PROFILE_TRANSPORT in table PRGN_CUST to NO.
  • Personalization data (default setting: active)
To deactivate the transport of personalization data, you can set the PERSDAT_TRANSPORT switch in the table PRGN_CUST to NO.
  • Direct user assignments (default setting: inactive)
All direct user assignments for the selected and automatically-added roles are also transported. Indirect assignments from composite roles or HR organizational management are not taken into account. Note that the import of user assignments replaces all previous direct assignments in the target client.
The user assignments are not imported into a target client if:
  • The client is part of a Central User Administration (central system or child system)

  • The target system is globally locked against the import of user assignments because switch US_ASGM_TRANSPORT in table PRGN_CUST has been set to NO.

In certain conditions, the following additional options are available:

  • If the Customizing switch CLIENT_SET_FOR_ROLES in table PRGN_CUST is set to YES, you can select the option "No Recording, Status Display Only" in the "Test Mode" box, to simulate the recording of the selected roles (default: active). The simulation does not include the actual recording procedure, since it does not call the respective interface.
    If the test mode is active, the optional transport components are meaningless (with the exception of "Single Roles in Composite Roles").
  • If the client is connected to a Solution Manager system and the cross-system object lock (CSOL) of "Change and Request Management" (ChaRM) is active, you see the option "Separate CSOL Evaluation for Each Role" in the "Cross-System Object Lock" box (default: inactive). This makes it possible to record roles that are not affected by object locks. Otherwise, the recording of roles that are not affected would fail if they were to be written to the same request as the globally locked roles.
    If test mode is active, selecting this option has no effect.

For more detailed information about the preceding two options, see SAP Note 1723881.

Features

If the prerequisites mentioned above are met, the mass transport records the selected roles as follows:

  • The imparting roles of derived roles are included automatically.
  • If the "Single Roles in Composite Roles" option is active, the recording of a composite role only takes place if all its contained single roles can be written to the same request.
  • If only one open request is allowed per role because the global Customizing setting CLIENT_SET_FOR_ROLES = YES, the existing role recordings influence the result of the mass transport. The program determines automatically which requests to use and any request conflicts.
    For more information, see SAP Note 1723881.

Standard Variants

When transporting a role using the transport function on the initial screen of transaction PFCG, one of the following standard variants is used, depending on the role type:

  • Single Role: SAP&SINGLE_AGR
    By definition, the option to transport single roles in composite roles cannot be selected in this variant.
  • Composite Role: SAP&COMP_AGR

Neither variant permits manual role selection. In both cases, the role entered on the initial screen of PFCG is automatically used.

Output

At the end of the program, a status log is displayed. The log has one line for each role, with the exception of composite roles whose recording has failed because of problems in several of its contained single roles. If CLIENT_SET_FOR_ROLES = YES, the log contains the additional column "Request". The request numbers in this column stand for successful recordings in normal mode or obligatory request numbers in test mode.

The number and meaning of the various statuses are different in normal and test mode:

Normal Mode

  • Green
    The role was recorded successfully or had already been recorded before the current program was run.
  • Yellow
    The role itself was recorded successfully but not all required optional components were recorded. By clicking the text in the "Error Message" column, you can find out which components are missing and why.
  • Red
    Recording of the role failed or was not possible. The error message and the detailed information you get if you click the text provide information about the problem that occurred.

Test Mode

  • Green
    The role had already been recorded.
  • Yellow
    In test mode, there are two different cases that can result in a yellow status:
  • It was not possible to record the single roles in a composite role that had already been recorded. Again, to display more detailed information, click the error message.

  • Recording of a role was possible, but due to dependency on an existing recording it had to be recorded on the specified request. In this case there is no error message, to avoid confusion with the first case.

  • Red
    Recording of the role is not possible. To find out why, see the error message and click the text.
  • Neutral
    It is possible to record the role with a request of your choice. A green traffic light would not be appropriate because it is not possible to predict whether the recording will be successful.

Activities

Note that importing composite roles can make it necessary to adjust the indirect single role assignments of users in the the target client. This also applies for the profile assignments after the import of single roles with profile data. We therefore recommend that you perform a user comparison (transaction PFUD or report RHAUTUPD_NEW) with the comparison types "Profile Comparison" and "Compare Indirect Assignments from Composite Roles" ("Composite Role Comparison") in the target system after every import of roles. If the transport includes user assignments, the user comparison is essential. After importing single roles without profiles, you need to generate the profiles in the target client before the user comparison (transaction SUPC).






TXBHW - Original Tax Base Amount in Local Currency   CPI1466 during Backup  
This documentation is copyright by SAP AG.

Length: 8800 Date: 20240531 Time: 233316     sap01-206 ( 142 ms )