thank you!

first tests with ecatt seems to show that it is not possible to automate role derivation with all my organizational structures as authorizations values...

may be do i miss something?

best regards

Hi Olivier,

Its possible to create derived roles with different ORG values using SECATT.

I have done it for my one of my projects, the trick lies in parameterising the fields.

I dont prefer simulation while parameterising instead I browse through each screen name under DYNPRO in command editor.

With regards to the ORG values you have to be careful while playing with Low and High values.

Let me know if you need any further help.

Thanks.

Regards,

Muthu Kumaran KG

Thanks to all for your very useful replies!

i'm not familiar with SECATT but will take a look on what's possible. Any clue would be greatly appreciated!

at first sight, i would prefer an ABAP program that does all the "magic".

Abhishek, could you tell me more about this program : was it difficult/long to create?

best regards

Hi Olivier,

More than difficult, its very interesting!

We had a cool ABAP'er. We gave the requirements and the tables. and he did a fantastic job. We got this program ready and tested within a couple of days. it takes an excel fie as input and after updating the derived roles, it generates the role too.

We found this to be a life saver for us. Let me know if you need any further info

-Abhishek

yes Abhishek, i'm very interrested with having further informations

is there a way for me to contact you directly?

best regards

Hi Olivier,

I am afraid, my help is limited to this forum.

However, I can help you with some ABAP logic :

Table AGR_1252 is used to store the ORG values of derived roles.

You can start working with an ABAP'er to get his coding magic started. Though I am not familiar with ABAP, I believe our ABAP'er debugged PFCG and knew what needed to be done. I have no clue what he did

the logic:

***********************************************************************

• Start of Selection

• Load information into internal tables for use in creating report

***********************************************************************

• Upload the Organsational Changes Spreadsheet

• Ensure Roles exist and there are no duplicates

• Ensure Organistional levels exist and there are no duplicates

*Checks if the file exists

• Role must exist

• Ignore duplicate roles

• Authority Check Role for user

IMP Logic checks-

• For Add High range of Role must be greater than low range

*...if adding specific ranges - remove existing * or space entry if it

• exists

*...if adding * access remove other accesses if they exist

*Process All Org Levels for each role

• ...submit report to generate profiles

You can start working with your ABAP'er with this logic.

*Disclaimer* - this may need enhancements to meet your requirements. Also, I have just put the logic what I could remember at the top of my head. I may have missed something.

Hope it helps

Abhishek

thanks a lot Abhishek for those details and the time you took for me

it's an excellent starting point

best regards