Kontakt

Ansicht
Dokumentation

RSUSR070 - Roles by Complex Selection Criteria

RSUSR070 - Roles by Complex Selection Criteria

Addresses (Business Address Services)   BAL_S_LOG - Application Log: Log header data  
This documentation is copyright by SAP AG.
SAP E-Book

Purpose

You can use this report to display role data in a client. When roles are selected by authorization values, only the profile data of the role is examined. If roles do not have a profile, the authorization data of the role is not analyzed as an alternative.

You can call the report and its variants by choosing the area menu nodes "User" -> "Roles by Complex Selection Criteria" in transaction SUIM. The variant "Roles by Complex Selection Criteria" covers all of the possible selection criteria.

Selection

To determine roles with particular characteristics, restrict the selection by making specifications in the fields. If you execute the report without making any specifications, all roles in the current client are displayed.

The first part of the selection screen, the Standard Selection, includes the same characteristics as the other reports in the User and Authorization Information System (transaction SUIM):

  • Role
  • Role Short Text
  • Description

  • Language Abbreviation

  • Display Long Text for the Role
  • Single Role
  • Composite Role
  • Only Obsolete Roles (Search for roles that are flagged as obsolete in PFCG)

Other search criteria:

Selection by user assignment:

  • All Roles Regardless of User Assignment
User assignment is irrelevant.
  • Without User Assignment
Only single roles that are not assigned to any users are found.
  • With Valid Assignment of User(s)
The report finds single roles that are assigned to the entered user name. If you do not specify a user name, all single roles that have at least one user assignment are found.
By default, the results list is a list of the roles that the report finds. If you want to display a list of the user/role assignments as the results list, select the option Display List of User/Role Assignments.

Selection by assigned applications in the menu:

  • Type of Application:
  • Transaction

  • Web Dynpro Application

The Web Dynpro applications defined in PFCG are stored in the tables AGR_HIER and AGR_HIERT. However, the analysis of RSUSR070 is based on the data in table AGR_TCODE, which transaction PFCG does not always write to at the same time as AGR_HIER[T]. If the data from AGR_HIER has not yet been updated in AGR_TCODE, you can remedy this by choosing Update Applications (Ctrl+F1).

Selection by profiles and authorization objects:

  • Profile Name
  • Authorization Object

Selection by Authorization Values

  • Always Convert Values
The selected values are converted in accordance with the conversion exit. SAP Note 667409 defined, for the maintenance of authorizations, that conversion exits are used in general for authorization fields. The indicator "Conversion for authorization fields allowed", which can be used in the authorization object maintenance tool (transaction SU21), has been ignored since then in the maintenance transactions PFCG and SU03. However, this object-related characteristic is still taken into account in the SUIM reports, meaning that there can be differences between the maintenance transactions and the information system in input field properties for an authorization field. In these cases, search variants entered in the information system do not take into account certain field properties (such as leading zeroes). If this checkbox is selected, the report runs field-related conversion exits even if the conversion is not permitted by the authorization object definition.
  • Authorization Object 1 (2, 3, or 4)
  • Authorization objects and their authorization values. After you have entered the authorization object, choose "Input Values" or press ENTER to expand the values fields for the possible authorization fields. A maximum of four authorization values can be entered for each authorization field.

  • Full authorization refers only to the authorization that is defined with an asterisk (*) (search pattern '#'). Authorizations that contain all possible values for a field are not taken into account for this search criterion.

  • If you enter the search pattern '#', the system finds only the authorizations for which the number of values for a field corresponds to the complete set of all possible values.
    The search for the complete set of all possible values is restricted to fields that have either domain fixed values or a check table. For fields with free value specifications, it is not possible to search for the complete set of all possible values.

Selection by field name:

  • Field Name
  • Value

Other selection criteria:

  • Created By/Changed By
  • Changed Since/Changed Until

List Formatting:

  • Title
A title for the result list, which can include parameters
  • Layout
A variant of the layout for the list output is defined before the report starts.
  • Display All Selection Criteria
In the default setting, only the first 15 selection criteria are displayed in the list header, for performance reasons. If, however, you want to display all selection criteria, select the checkbox 'Display All Selection Criteria'. Note that this can result in very long runtimes or runtime timeouts, depending on the number of selected selection criteria.

Standard Variants

By Authorization Object

  • SAP&_AUTH

By User Assignment

  • SAP&_BENU

By Change Data

  • SAP&_CHANGE

By Profile Assignment

  • SAP&_PROFIL

By Role Name

  • SAP&_STANDARD

By Transaction Assignment

  • SAP&_TRANSAKT

By Authorization Values

  • SAP&_VALUES

Output

For reasons of accessibility, the result list is output as an ALV list. The result list consists of the entries of the structure USAGR_ALV and contains the following fields:

  • Role
Name of the role
  • Type
  • Single Role

  • Composite Role

  • Name

You can display each row in vertical format by choosing "Display Entry (Ctrl+Shift+F3). You can open a PFCG window in display mode for the selected role by choosing the Display Detail button (F2), or by double-clicking a role name. You can display a list of all users to which the determined roles are assigned by choosing the User Assignment button (Ctrl+Shift+F5). You can display a user list for the selected users with the found role assignments by choosing the button In Acc. w. Select. (User/Role Assignment in Acc. w. Select.) (Shift+F10). This button is only available for selection by valid user assignment. To display the profiles generated for the selected role, choose the button Profile Assignment (Ctrl+Shift+F12). The Contained in Composite Roles button (Ctrl+Shift+F12) applies only to single roles and lists all composite roles in which the single roles are contained. For information about which single roles are contained in the selected composite roles, choose the next button, Contained Single Roles (Ctrl+Shift+F1). The other button, Transaction Assignments (Ctrl+Shift+F6) displays all transactions contained in the role menu.

Example

The report searches for all roles with which it is possible to execute transaction PP01 with the current plan (plan variant 01).

  1. In the User Information System, choose Role -> Roles by Complex Selection Criteria, or call transaction SA38 and run the report RSUSR070.
  2. On the "Selection by Values" tab page, for the first authorization object, enter the value S_TCODE in the "Authorization Object" field. Press the enter key and, in the field TCD Transaction Code, enter the value PP01.
  3. On the "Selection by Values" tab page, for the second authorization object, enter the value PLOG in the "Authorization Object" field. Press the enter button and, in the field PLVAR - Plan Variant, enter the value 01.
  4. Choose Execute (F8).






BAL Application Log Documentation   ABAP Short Reference  
This documentation is copyright by SAP AG.

Length: 10783 Date: 20240601 Time: 024536     sap01-206 ( 178 ms )