Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AGR_USERS table content

Former Member

‎04-24-2013 10:39 AM

0 Kudos

Dear all,

I am currently working on authorization issues and in this context I am trying to understand how the AGR_USERS table is structured.

I am having trouble understanding what is the use of the fields :

- EXCLUDE (Field label being "Exclusive")

- CHANGE_TST (Field label being "UTC Time Stamp in Short Form (YYYYMMDDhhmmss)")

- ORG_FLAG (Field label being "HR Org Mgt")

Could anyone tell me by the use of which transaction the field is being updated in the table and in which context this information can be usefull.

Thank you in advance for your help.

Regards

Sanddie

8 REPLIES 8

Former Member

‎04-24-2013 3:47 PM

0 Kudos

hi Sanddie,

I can only give you a conclusive answer on one of your three questions. the ORG_FLAG indicates whether a role is assigned via OM instead of the usual assignment via SU01 or PFCG.  this is called indirect role assignment.

the CHANGE_TST field is indeed the UTC timestamp, but in the system I'm currently logged into this field is not populated for any role assignment.

I was not able to find any info for the EXCLUDE field. this is not populated for any entry in my AGR_USERS table either...

Message was edited by: Dimitri van Heumen

Former Member
In response to Former Member

‎04-25-2013 1:19 PM

0 Kudos

Hi Dimitri : that is great I will have a look at this indirect role assignement !

I just have one more field to go : does anyone have any idea of where this EXCLUDE field comes from ?

Thank you

Sanddie

Former Member

‎04-24-2013 6:30 PM

0 Kudos

HR Org Mgt is where the role is available to the user through position based assignment (they inherit the roles through the being assigned to an org structure which itself has access assigned to it).  Do a search on "position based security" for a bit more info.

The other fields? No idea

Former Member
In response to Former Member

‎04-25-2013 1:18 PM

0 Kudos

Hi Alex,

Thank you very much for this answer : two more fields to go !

Sanddie

mvoros
Active Contributor
In response to Former Member

‎05-31-2013 2:52 AM

0 Kudos

EXCLUDE should not be used by ABAP stack according to note 908563. But PRGN_J2EE_USER_GET_ROLES will ignore the roles with this flag set to 'X'. So it seems like you could use it to hide some roles from Java stack in case of dual stack installation.

The field CHANGE_TST is initialized few times in ABAP stack but I can't see any meaningful logic for this field.

Cheers

Former Member
In response to Former Member

‎06-03-2013 10:41 AM

0 Kudos

Hi Martin,

Thank you very much for this very helpful answer : I will have a closer look at the note 908563 !

Sanddie

fredrik_borlie
Contributor

‎05-31-2013 12:37 AM

0 Kudos

lI dont get it.

What authorization issues makes you analyse the table holding the content visible via the pfcg.

You can get even better help if you share your real issue with us.

Former Member
In response to fredrik_borlie

‎06-03-2013 10:43 AM

0 Kudos

Hi Fredrik,

I am working on mass analysis of the authorization meaning that I don't go through PFCG (too tidious) : I directly go to the table. This is why I need to understand the detailled structure of the tables.

Hope that helps you understand my question

Sanddie