01-26-2014 8:25 AM
I want a way to copy one role to 60 diffrent roles
and each of these craeted new roles i want to change one authorization object with a diffrent values
for example the Orignal role Z:original
and the new roles will be:
Z:original 1
Z:original 2
Z:original 3
Z:original 4
the copied roles have one repeated authrization object called AUTH, this object should have a diffrent valueaccording to it's role
Z:original 1 -----> AUTH 1
Z:original 2 -----> AUTH 2
Z:original 3 -----> AUTH 3
Z:original 4 -----> AUTH 4
could you plesae help me with the best way to do that.
thank you,,
01-26-2014 5:14 PM
Hello
So you've got two actions to complete
1) copy a role
2) mass update authorization object in the created role
A first solution would be to download the source role and copy the generated text file.
You can then change in the copied files
- the role name
- the authorization object.
As stated there this method is not supported, as far as I know the structure of downloaded role is not documented.
Try this in a sandbox client and if roles are Ok transport them to the dev system.
An other way, fully automated but even less supported...
1) copy the source role using function module /SDF/PRGN_COPY_AGR
You can automate this using startrfc in a shell script (here a Windows version, far easier in Un*x).
for /l %x in (1, 1, 60) do (
startrfc -3 -h %SAP_Host% -s %system_number% -t -u %SAP_User% -p %SAP_user_pwd% -c %SAP_client% -F /SDF/PRGN_COPY_AGR -E SOURCE_AGR="Src_Role" -E TARGET_AGR="Des_Role%x"
)
Example for creating 60 role Zdummy** from role Zdummy
for /l %x in (1, 1, 60) do (
startrfc -3 -h SAP_HOST.domain.com -s 00 -t -u DDIC -p ddic_password -c 100 -F /SDF/PRGN_COPY_AGR -E SOURCE_AGR="ZDUMMY" -E TARGET_AGR="ZDUMMY%x"
)
Remark: as of kernel 7.20 startrfc program is not part of the SAP binaries, you must get it from SAP RFC SDK. (1581595 - rfcexec or startrfc fail after upgrade, 27517 - Installing RFCSDK)
2) update authorization object at DB level in table AGR_1251
Watch out, these commands are directly updating SAP data without any enqueue nor data validity control.
This should only be performed in a sandbox system and if your have some SQL knowledge.
Here is for example a query that updates in role ZDUMMY2 the value JOBACTION for object S_BTCH_JOB from '*' to 'LIST'.
update sapsr3.AGR_1251 set LOW='LIST' where LOW = '*' and object = 'S_BTCH_JOB' and FIELD = 'JOBACTION' and AGR_NAME = 'ZDUMMY2' and MANDT = '100';
commit;
It is even possible to change the valued based on the role last character as you asked
update sapsr3.AGR_1251 set LOW=decode(substr(AGR_NAME, length(AGR_NAME),1), '1', 'Value for ZDUMMY1', '2', 'Value for ZDUMMY2', '3', 'Value for ZDUMMY3', '4', 'Value for ZDUMMY4', 'Value for all others') where object = 'S_BTCH_JOB' and FIELD = 'JOBACTION' and AGR_NAME like 'ZDUMMY%' and MANDT = '200';
commit;
You will need to refresh SAP buffer after running the sql commands (type : /$TAB AGR_1251 in Ok Code zone).
3) you will need to regenerate the updated roles using transaction PFUD
Regards
01-26-2014 6:27 PM
Hi Mohd,
The Best & fast way to achieve this is SECATT Script.
1.in the tcode recording Copy the role from Z original role and at authorization tab maintain the value in authorization object.
after creating Script run it with your values. let me know in case of any issues
Regards
Kiran.S
01-26-2014 6:36 PM
Hi Kiran,
As far as I remember (i did test quite a long time ago) CATT cannot manage popups, and changing an authorization field is done through a popup, so I'm afraid it cannot be used there.
This might be possible using SAPGui scripting only.
Regards
01-27-2014 5:20 AM
Hi,
When we are talking about same authorization object in all Role why can we give the autho object field values in our input file (excel) .
or
In the script after authorization tab execute manually then generate the profile and come back again script starts for next role
Regards
Kiran.S