03-01-2007 9:43 PM
Hi Folks
I would need some ideas with respect to the following
I would like to know changes made to the following
1. Organizational levels,
2. Changes to roles (by means of addition or deletion of tcodes)
3. Manual addition of objects to a role
4. Change of Auth Field values for an object.
I would like to have this information on a on-demand basis, In the sense I would like to have some kind of a report which I can query to have this information as and when required.
I am aware of the AGR tables however am not sure about the relationship one has with another.I have a feeling that one can pull out details from these tables... however dont exactly have a exact way to do it...
Could you please share your thoughts on how I can approach this.
best regards
Ravi
03-01-2007 9:47 PM
Ravi,
Have you run the change document reports in transaction SUIM? It provides for most of what you are looking.
Cheers,
Ben
03-01-2007 9:55 PM
Ravi,
Most of the change doc information is contained in tables such as CDHDR, USH* and objects such as CDCLS.
Cheers,
Ben
03-04-2007 8:13 PM
Hi Ben
I have tried the change documents, however for some reason have not found them very reliable. I would have a look at those tables and let you know.
thanks anywayz
Ravi
03-05-2007 7:35 AM
Hi Ravi,
You can actually access change Documents in SUIM to extract a report on the changes made to Role, Filed Values, etc...
But if you want to extract a report using tables, you can go for AGR* tables such as:
AGR_1251 Authorization data for the activity group
AGR_1252 Organizational elements for authorizations
AGR_AGRS Roles in composite role
AGR_TCODES Assignment of roles to Tcodes
AGR_USERS Assignment of roles to users
You can also write a Infoset Queries using SQ01, SQ02, SQ03 which would help you in getting a report from more than 1 Table at once.
Thanks & Regards,
Santosh
03-05-2007 7:22 PM
HI Geek,
Whatever you want to do investigation or any query go to transaction SQVI and select AGR tables and join them and run the query as you want. You can run whatever report you want. You can every solution in ths SQVI. Check it and don't forget to this to vote me
03-05-2007 9:48 PM
We are not on Netweaver yet, but I doubt this has changed...One caution, if you use SQVI or SQ01/SQ02 to join tables, you can't join AGR_USERS and PA0105 on userid because they use different field names & sizes. We got around it by having our ABAP group give us a custom table view...because they can choose to ignore the warning that it gives them. Only takes a few minutes for them to do and it gave us a whole new range of queries we could do.