Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Comparing Authorization Objects between old and new tcodes in menu

MaheshKumar
Contributor

‎08-27-2011 7:15 AM

0 Kudos

Hi All,

As per our requirement we have re organized our role. Its nothing but we have added all tcodes of other role to one role. Adding tcodes is done.

Now we need to compare authorization objects for newly added tcodes roles with old roles tcode auth object.

As one tcode might have about 7-8 auth objects average. Comparing each object for about 90-130 t codeswill become very tedious job. I would like to know is there any way to reduce the efforts or can i automate this thing

ur suggestions are highly appreciable.

Thanks in advance

Edited by: Julius Bussche on Aug 27, 2011 9:06 AM

Subject title improved and "help" removed.

4 REPLIES 4

Former Member

‎08-27-2011 8:21 AM

0 Kudos

What you are doing is a good thing, although the number of tcodes seems to be close to the upper limit. Still well done!

A makeshift "data browser" way of doing this would be to get a list of the old objects in the role (AGR_1251) and then enter them into the select-options field Object of table USOBT_C as "Excluding single values" and in the Name field enter your new 130 tcodes. Then filter on the objects returned and in the F4 help on the filter it will delete the adjacent duplicates --> that is your list.

This will however not tell you which object instances will be merged with each other and which could be merged with each other....

...so the "full monty" on what the impact will be would be to execute the read old merge merge new function, read the new and updated authorization instances from the authorization data and exit without saving. Then from the data work out what really is uniquely new, what has been merged and what could be merged if maintained correctly.

I have often enough had to do this so built a tool which does it accross large sets of roles and calculates where SU24 can be optimized and where the role quality can be improved. Trick is to be able to run such things before making the changes and latest before releasing transports with roles in them (there is a BADI in the STMS which can be used to automate these types of checks).

Cheers,

Julius

arpan_paik
Active Contributor

‎08-29-2011 9:25 AM

0 Kudos 
 become very tedious job

It is supposed to be so compare to what you are trying to achieve below.

 As per our requirement we have re organized our role

As you are merging more role to one so consider below steps for each merging.

1. merge role menu (which you are already done with)

2. Enter authorization with expert mode (edit old status) and insert authorization from profile for all the roles to be merged. Generate profile. Note here all objects are in manual status.

3. Now again enter authorization with expert mode (merge staus). Now you maintain standard only (maintained, changed depending on scenario). Take values from manual object tree and delete them once you are done with value copy.

I think that will save you lot of excel/typo/alt-tab work

Edited : Back check - enter all your single role merged to a composite role and compare that with the new single role to check the authorization value during QA review (if you have anything like that)

However I feel that you are moving to user specific role. The idea might sounds great to reduce number of role. But beaware of lot of changes from dev to prod for every new requirement for user (even cosmetic one).

Regards,

Arpan Paik

Edited by: P Arpan on Aug 29, 2011 1:56 PM

Former Member

‎08-29-2011 1:25 PM

0 Kudos

Did you try the program RSUSR050 or transaction S_BCE_68001777?

Edited by: Shekar.J on Aug 29, 2011 2:25 PM

Former Member
In response to Former Member

‎08-29-2011 8:45 PM

0 Kudos

I also thought of that but the source role would need to be changed first and generated, so to simulate a change before making it would need an up-to-date sandbox (also SU24 should be up-to-date there and consistent with DEV) or you need to copy each role,

Often that is the problem (in addition to the remote comparison overview status and navigation).

I found it worthwhile to create a simulation tool and run it against a large set of roles, as output into ALV lets you also perform other checks against the differences.

For example:

- How many auths will be merged in the set.

- How many auths could be merged in the set.

- How many auths can be optimized in SU24 because they have the same maintained values.

- etc...

Cheers,

Julius