restore Organisation field for authorization check

Former Member · ‎03-05-2012

I´ve got a role in which a organisation field is maintained normally.

Is there a Report which can detect the org-fields and repair them?

arpan_paik · ‎03-05-2012

 I´ve got a role in which a organisation field is maintained normally

You mean normally or manually?

Regards,

Arpan Paik

Former Member · ‎03-05-2012

sorry, I meam manually

arpan_paik · ‎03-05-2012

1st you need to collect all the technical name of org level field (refer table USORG). Then in table AGR_1251 restrict data to these fields only. Where ever you do not got a value not start with "$" is the data you need. Sort by value column can help you in that.

To fix this in the role beside the org level field you have a delete button. That will overwrite manually maintained values with NORMALLY maintained value in org level ;-). Careful you may loose data during this process, so may need to fix org level data at 1st place.

Regards,

Arpan Paik

Edited by: P Arpan on Mar 5, 2012 8:21 PM

Former Member · ‎03-05-2012

Hi

There is a program (AGR_ORGFIELD_RESET) or such which can be run once the abused role has been indentified...

Kind regards

David

arpan_paik · ‎03-06-2012

I think the program name is AGR_RESET_ORG_LEVELS.

Regards,

Arpan Paik

Former Member · ‎03-06-2012

Well done that man!

martin_voros · ‎03-05-2012

Shameless plug. Check this [report|http://wiki.sdn.sap.com/wiki/display/Security/QAMetricsforRoleDesign] . The value in column '# of Mod. Org.' tells you have many org. fiels have been manually modified in a security role.

Cheers

Former Member · ‎03-09-2012

Hi Martin

Thanks for the report which also throws up wildcards as an added bonus - very nice!

Kind regards

David