Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

role comparison

Former Member

‎06-17-2008 4:53 PM

0 Kudos

Hi Security experts

The scenario is like this, there are two persons A and B, A has around 75 roles and B has around 20 roles, if I want B to have same setup like A, then B should also have 75 roles, Is there any comparison tool in SAP security perspective to compare what roles person B is missing and give those remaining 55 roles which person B is missing ? I think comparing Manually is tedious job.

Please advise

Regards

Renu

8 REPLIES 8

Former Member

‎06-17-2008 5:33 PM

0 Kudos

Hi Renu

You should be able to do this using transaction code SUIM which has a comparison option towards the bottom. You can do comparisons between users, roles and other criteria.

Hope this helps

Nigel

Former Member

‎06-17-2008 5:48 PM

0 Kudos

Renu,

You can use the table AGR_USERS, download the roles of user A and user B to an Excel file and then filter it. You would basically get the difference between the two. I'm not sure if this is an easier option. If you have a handful users, this should be manageable.

You can also specify all the usernames you need if you use SE16n.

Kunal

Former Member

‎06-17-2008 8:02 PM

0 Kudos

Hi,

I guess this more of Excel work..

Above solution works..

A function in excel vlookup can help u out..

Regards,

Ajit

Former Member

‎06-17-2008 9:53 PM

0 Kudos

Renka,

You can go the transaction SUIM and there is a node for comparision..expand the node and check what you wish to use.

But out of curiosity---> what are these 75 roles about !! I am about certian that the user is over authorized ....

Former Member
In response to Former Member

‎06-17-2008 10:19 PM

0 Kudos

> goreg G wrote:

> But out of curiosity---> what are these 75 roles about !! I am about certian that the user is over authorized ....

That was my initial thought as well. An alternate option is to use composite roles to hide it.

Julius

Former Member
In response to Former Member

‎06-18-2008 12:57 AM

0 Kudos

yeah.. too many roles.

However, if you still want to achieve this , you can make SAP to run a Vlookup too for you

Select the roles of user B in AGR_USERS, (in this case 20) then enter this set of roles in another session of AGR_USERS as a 'exclusion' of selection of single values, and enter user A

OLA! you get the roles that are assigned to A but not to B! that is 55

Cheers!

Abhishek

Former Member
In response to Former Member

‎06-18-2008 11:03 AM

0 Kudos

Yes. There is also a nifty little green "import from file" and grey "paste" clipboard to go beyond the 8 line limit

Cheers,

Julius

Former Member
In response to Former Member

‎06-18-2008 12:11 PM

0 Kudos

> 

> Yes. There is also a nifty little green "import from file" and grey "paste" clipboard to go beyond the 8 line limit 
> 
> Cheers,
> Julius

I found that out after spending a day cutting & pasting into USR40 many years ago