Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can I do a 'mass generation' of dervied roles?

Former Member

‎09-14-2007 7:44 AM

Hi,

I would like to find out if there is a way of doing a 'mass generation' of derived roles.

Once the users creates a few 100 derived roles (from various master roles) does he/she have to go through each master role in PFCG and select 'Generate Derived Roles' to generate the profiles in all the derived roles?

Thanks,

Dineish

7 REPLIES 7

Former Member

‎09-14-2007 7:50 AM

0 Kudos

If you are pushing through changes from the parent then yes, this has to be done for each one. If, for some reason, there are child roles in ungenerated status you could do a mass generate from transaction SUPC. This will not read in the data from the parent role though and defeats the purpose of derived roles.

You could probably create a CATT script to go into each parent & cascade the changes if you wanted to automate it

Former Member
In response to Former Member

‎09-14-2007 8:14 AM

0 Kudos

Hi Alex,

Thanks for the very (very) quick and useful response. I did think of doing a mass generation of profiles, but this defeats the purposes of derived roles.

In regards to your CATT Script technique.. Any suggestions on where I can start and how I can do it? Any useful links you are aware of for reading through it (Ideally in specific to Derived Role Generation) ?

I am a newbie to CATT Scripts, so any additional info will be appreciated.

Thanks.

Dineish

Former Member
In response to Former Member

‎09-14-2007 8:55 AM

0 Kudos

which version of SAP are you on? If you are on one of the ECC versions then there are a couple of things you have to do differently

There is a tutorial here which shows you how to create a user............ http://www.sapsecurityonline.com/tutorials/scat.htm

..........however the important bit is learning how to record the script & then you can adapt it to anything (generating derived roles will be much easier than the role create one)

Former Member
In response to Former Member

‎09-17-2007 7:39 AM

0 Kudos

Hi Alex,

Thanks for the further advise. I tried to create a test script following your advise and the link you provided. I am also almost there - I have got to the stage where going from one role to another is automated, however I cannot get the script to automate the generation of derived roles.

I noticed that when following the 'Entering parameters for a test case ' from the link you gave me, I can only see the Initial PFCG Screen. Display/Change Authorization screen doesn't seem to get recorded / logged in the test screen.

I.e : All screens with program SAPLPRGN_TREE is recorded, however all screens with program SAPMSSY0 is not.

I hope it makes sense.. Any suggestions on how I can automate the generation of derived roles tasks too ?

Thanks.

Dineish

Former Member
In response to Former Member

‎09-17-2007 7:45 AM

0 Kudos

In addition. The SAP released is 4.6c

jose_pedro_martinho
Discoverer

‎11-25-2021 10:02 AM

0 Kudos

This is something that should have been added a long time ago.

It makes no sense to have the feature "Mass Maintenance of Authorization Values" to change a non-organizational field in an object and then not being able to derive it to the child roles.

jurjen_heeck
Active Contributor
In response to jose_pedro_martinho

‎11-29-2021 9:10 AM

Hi Jose,

This has been fixed, report SUPRN_REGENERATE_DEPENDENT does this for you.

Hope this helps.

Jurjen