Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Diff in No of Tcodes beteween SUIM & AGR_Tcodes

Former Member

‎09-26-2006 5:55 PM

0 Kudos

I am getting a difference in number of transactions for a role that I compare throug Table AGR_Tcodes and SUIM report (Transactions executable for a role).Any suggestions please.

Thanks.

6 REPLIES 6

Former Member

‎09-26-2006 9:21 PM

0 Kudos

Hi,

If a Tcode is added via the Menu during role creation, then they are available in both the places. If a Tcode is added manually in the auth object S_Tcode then they form the difference delta.

we experienced the same a few times and i think SUIM misses such Tcodes entered manually.

Br,

sri

Former Member

‎09-27-2006 10:49 AM

0 Kudos

Hi Mirza,

As rightly pointed out by raghu it is because the missing transaction codes would be the ones that are added tov the role through authorization object s_tcode and not through role menu. This is normal because agr_tcodes will only show data for transaction added in role menu. it will not show transactions not present in role menu.

You must check in SUIM for role tranaction mappings.

Please award points if this anwer was ueful for you.

Regards.

Ruchit.

christian_wippermann
Explorer

‎09-27-2006 1:10 PM

0 Kudos

Hi,

correct. If you want to get all, you can as well use the "Complex search criteria" and use object S_TCODE. Then you get both: standard and manually added.

However, you might want to consider removing manually added S_TCODEs anyway. It leads to manually added other objects. Which leads to roles that you will find hard to maintain soon. Please try to insert transactions to the role menu and use SU24 to maintain the authorizations required for the transactions. In a best practice scenario you would end up with only "standard" and "maintained" objects.

Cheers,

Christian

Former Member

‎09-27-2006 1:15 PM

0 Kudos

Hi,

As already pointed out, if you run the SUIM report - RSUSR070 - this will show you tcodes that have been set up via the menu of PFCG. Tcodes can be entered manually through the authorization tab in S_TCODE or there can be a range entered here. Table AGR_1251 will show you the tcodes values that are entered into the S_TCODE manually. Table AGR_HIER will show you the values entered into the PFCG menu tab.

Regards, JC

Former Member
In response to Former Member

‎12-12-2006 4:20 AM

0 Kudos

Hi,

Could you please clarify..

For example - If I wanted <b>complete</b> list of Roles having SU01. What should I do?

Should use SUIM and query Roles based on SU01 Tcode? Will querying AGR_HEIR will give same result?

Should use AGR_1251 / AGR_TCODES table? Will this table list all Tcodes in the S_TCODE ? or <b> only</b> Manually entered one?

Need a complete list of Roles having SU01...Please help!!

Thanks !!!

Former Member
In response to Former Member

‎12-12-2006 4:35 AM

0 Kudos

If you wanted to find out all roles that can start the transaction SU01 you can either:

SUIM: Roles -> by Authorization values and enter in S_TCODE TCD=SU01 or

Tables AGR_1251: Object = S_TCODE, Low=SU01

If you wanted to find out all of the roles that have SU01 in the role menu then:

SUIM: Roles -> by transaction and enter in SU01 or

Tables AGR_TCODES: TCODE = SU01

Note, that the second option will not list roles that have had SU01 manually inserted into the S_TCODE authorisation object. So, it depends on whether or not you are looking for roles that have SU01 in by design, or roles that have SU01 regardless of design (for an audit for example).

Also note, that this doesn't include the fact that a role may be able to execute SU01 due to wildcards or ranges such as TCD = SU* or TCD=PFCG to ZABC