Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to retrieve just directly assigned roles remotely

JRunge
Discoverer
0 Kudos

Hello,

We have to analyze the structure of composite and single roles externally (via Java - JCo middleware). Is there a simple way to extract just directly assigned roles? The BAPI function modules BAPI_USER_GET_DETAIL or BAPI_USER_LOCACTGROUPS_READ return all roles without differentiation of directly assigned roles and indirectly assigned roles (through composite roles). I see no distinction in the results.

Best regards,

Jens Runge

5 REPLIES 5

Former Member
0 Kudos

Hi,

AGR_USERS COLLFLAG = X denotes that a role has been assigned via a composite role so if COLLFLAG NE X then that will give you the roles that are directly assigned. It will still tell you the composite roles that have been assigned, but not the child roles that sit under there.

To be honest I've not looked into any of the user management BAPI's to see how this scenario is treated so I can't advise from that point of view.

martin_voros
Active Contributor
0 Kudos

Hi,

you can use RFC enabled FM PRGN_ROLE_GETLIST to get a list of all roles. It has an input paramter COLL_OR_SINGLE_ONLY which can be used to restrict to (C)omposite or (S)ingle roles. It's not a BAPI but it's mentioned in [SAP documentation|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/668e6629-0701-0010-7ca0-994cb7dec5a3?quicklink=index&overridelayout=true] as a proper way of obtaining a list of roles.

Cheers

0 Kudos

Martin,

I was checking out the document, I was curious to know if this was a developer/security members activity or its a combination of both?

0 Kudos

Hi,

I am not sure if I understand your question but I have no idea who is author of that document. For me it's just a really good technical documentation written by SAP. It's a good example how API documentation should look.

Cheers

0 Kudos

Martin,

The document refers more towards BAPI and API and its related to SAP IDM.

its a very good document you have linked.