Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Role/Auths report

Former Member

‎04-22-2009 7:40 AM

0 Kudos

What is the best way to create a report of all the authorization field values for each of our Roles to allow the business to scan and verify the existing values?

6 REPLIES 6

jurjen_heeck
Active Contributor

‎04-22-2009 7:41 AM

0 Kudos

I suspect table AGR_1251 technically contains the information you require, but formatting that to something the business can understand will be a daunting task.....

Former Member

‎04-22-2009 8:14 AM

0 Kudos

Include the below mention tables in your report this tables will fulfill your requirements

usr21, usobt, agr_users, usobx, agr_1251

jurjen_heeck
Active Contributor
In response to Former Member

‎04-22-2009 8:23 AM

0 Kudos

> Include the below mention tables in your report this tables will fulfill your requirements

>

How and why? OP asked "all the authorization field values for each of our Roles "

> usr21

Has no relation to roles.

> usobt

Has no relation to the existing roles

> agr_users

Is about assignment, not role contents

> usobx

Has no relation to the existing roles

> agr_1251

Was already mentioned by me.

So please elaborate on the "fulfill your requirements".

Former Member
In response to Former Member

‎04-22-2009 11:22 AM

0 Kudos

Jurjen

as usual your last answer is completely correct.

Question here is primiraly what does one try to achive. There is NO ENDUSER who will understand the outcome of any tabel in the secuerity area whitout a lot of explanation.

So the better way to go is ASK the business what they want to know about the restrictions in the system. EXAMPLE no one from company A should be able to see SD data in company B etc.

and then translate this into technical soplution and do your onw invesatigation in thables AGR_1251, AGR_1252 and AGR_users as you can prove the exmpale in a combination of these tables.

In general use AGR_* and USR* /UST* tabels to investigate the system for this kined of requestes.

Also be aware that it normally is the AUDIT department who are worried about access controls as mostly business does not want any resctictions to be applied! Claiming that they can not do their work if resctrictions are applied

Former Member
In response to Former Member

‎04-22-2009 10:25 PM

0 Kudos

Agree with Auke, we have created a template (using AGR_125 and other tables providing list of tcodes and object description) rather translated them so they can understand the definitions and terms and it also helps a good documentation.

thanks

santosh kumar

Former Member

‎04-23-2009 12:47 AM

0 Kudos

David,

Once you finalise the requirement from the business likewise what specific details they want and what format, you can develop the report in the BSP or WebDynpro and display as HTML or with some better format.

We have developed the BSP based reporting structure which is basically extracting all required data from the tables and display as webpage, This can also be interactive and you can drive the report by inputs.

However to achieve this you need to be very specific what you want to display as by simply extracting all auth fields and auth objects will be a performance issue, same time technical terms may not make sense from Business prospective.