Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Copy Role in SAP

Former Member
0 Kudos

I want a way to copy one role to 60 diffrent roles

and each of these craeted new roles i want to change one authorization object with a diffrent values

for example the Orignal role Z:original

and the new roles will be:

Z:original 1

Z:original 2

Z:original 3

Z:original 4

the copied roles have one repeated authrization object called AUTH, this object should have a diffrent valueaccording to it's role

Z:original 1 -----> AUTH 1

Z:original 2 -----> AUTH 2

Z:original 3 -----> AUTH 3

Z:original 4 -----> AUTH 4

could you plesae help me with the best way to do that.

thank you,,

4 REPLIES 4

ACE-SAP
Active Contributor
0 Kudos

Hello

So you've got two actions to complete

1) copy a role

2) mass update authorization object in the created role

A first solution would be to download the source role and copy the generated text file.

You can then change in the copied files

- the role name

- the authorization object.

Check post

As stated there this method is not supported, as far as I know the structure of downloaded role is not documented.

Try this in a sandbox client and if roles are Ok transport them to the dev system.

An other way, fully automated but even less supported...

1) copy the source role using function module /SDF/PRGN_COPY_AGR

You can automate this using startrfc in a shell script (here a Windows version, far easier in Un*x).

for /l %x in (1, 1, 60) do (

startrfc -3 -h %SAP_Host% -s %system_number% -t -u %SAP_User% -p %SAP_user_pwd% -c %SAP_client% -F /SDF/PRGN_COPY_AGR -E SOURCE_AGR="Src_Role" -E TARGET_AGR="Des_Role%x"

)

Example for creating 60 role Zdummy** from role Zdummy

for /l %x in (1, 1, 60) do (

startrfc -3 -h SAP_HOST.domain.com -s 00 -t -u DDIC -p ddic_password -c 100 -F /SDF/PRGN_COPY_AGR -E SOURCE_AGR="ZDUMMY" -E TARGET_AGR="ZDUMMY%x"

)

Remark: as of kernel 7.20 startrfc program is not part of the SAP binaries, you must get it from SAP RFC SDK. (1581595 - rfcexec or startrfc fail after upgrade, 27517 - Installing RFCSDK)


2) update authorization object at DB level in table AGR_1251

Watch out, these commands are directly updating SAP data without any enqueue nor data validity control.

This should only be performed in a sandbox system and if your have some SQL knowledge.

Here is for example a query that updates in role ZDUMMY2 the value JOBACTION for object S_BTCH_JOB  from '*' to 'LIST'.

update sapsr3.AGR_1251 set LOW='LIST' where LOW = '*' and object = 'S_BTCH_JOB' and FIELD = 'JOBACTION' and AGR_NAME = 'ZDUMMY2' and MANDT = '100';

commit;

It is even possible to change the valued based on the role last character as you asked

update sapsr3.AGR_1251 set LOW=decode(substr(AGR_NAME, length(AGR_NAME),1), '1', 'Value for ZDUMMY1', '2', 'Value for ZDUMMY2', '3', 'Value for ZDUMMY3', '4', 'Value for ZDUMMY4', 'Value for all others') where object = 'S_BTCH_JOB' and FIELD = 'JOBACTION' and AGR_NAME like 'ZDUMMY%' and MANDT = '200';

commit;

You will need to refresh SAP buffer after running the sql commands (type : /$TAB AGR_1251 in Ok Code zone).

3) you will need to regenerate the updated roles using transaction PFUD

Regards

Former Member
0 Kudos

Hi Mohd,

The Best & fast way to achieve this is SECATT Script.

1.in the tcode recording Copy the role from Z original role and at authorization tab maintain the value in authorization object.

after creating Script run it with your values. let me know in case of any issues

Regards

Kiran.S

0 Kudos

Hi Kiran,

As far as I remember (i did test quite a long time ago) CATT cannot manage popups, and changing an authorization field is done through a popup, so I'm afraid it cannot be used there.

This might be possible using SAPGui scripting only.

Regards

0 Kudos

Hi,

When we are talking about same authorization object in all Role why can we give the autho object field values in our input file (excel) .

or

In the script after authorization tab execute manually then generate the profile and come back again script starts for next role

Regards

Kiran.S