07-26-2010 9:20 AM
Hello,
We have to analyze the structure of composite and single roles externally (via Java - JCo middleware). Is there a simple way to extract just directly assigned roles? The BAPI function modules BAPI_USER_GET_DETAIL or BAPI_USER_LOCACTGROUPS_READ return all roles without differentiation of directly assigned roles and indirectly assigned roles (through composite roles). I see no distinction in the results.
Best regards,
Jens Runge
07-26-2010 9:39 AM
Hi,
AGR_USERS COLLFLAG = X denotes that a role has been assigned via a composite role so if COLLFLAG NE X then that will give you the roles that are directly assigned. It will still tell you the composite roles that have been assigned, but not the child roles that sit under there.
To be honest I've not looked into any of the user management BAPI's to see how this scenario is treated so I can't advise from that point of view.
07-26-2010 11:16 AM
Hi,
you can use RFC enabled FM PRGN_ROLE_GETLIST to get a list of all roles. It has an input paramter COLL_OR_SINGLE_ONLY which can be used to restrict to (C)omposite or (S)ingle roles. It's not a BAPI but it's mentioned in [SAP documentation|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/668e6629-0701-0010-7ca0-994cb7dec5a3?quicklink=index&overridelayout=true] as a proper way of obtaining a list of roles.
Cheers
07-27-2010 10:17 PM
Martin,
I was checking out the document, I was curious to know if this was a developer/security members activity or its a combination of both?
07-28-2010 12:40 AM
Hi,
I am not sure if I understand your question but I have no idea who is author of that document. For me it's just a really good technical documentation written by SAP. It's a good example how API documentation should look.
Cheers
07-28-2010 8:16 PM
Martin,
The document refers more towards BAPI and API and its related to SAP IDM.
its a very good document you have linked.