Google

Sap Basis Questions

Friday, February 8, 2008

How can I check all the Organization value for any role?

Q. How can I check all the Organization value for any role?


A. Execute SE16N

Table AGR_1252

Role Type in the role here and hit execute.

You can always download all the information to spreadsheet also using

How to find out all the derived roles for one or more Master (Parent) roles?

Q. How to find out all the derived roles for one or more Master (Parent) roles?


A. Execute SE16N

Table AGR_DEFINE



Use either agr_name field or Parent_agr field.

How to find out all the roles for one composite role or a selection of composite roles?

Q. How to find out all the roles for one composite role or a selection of composite roles?



A. Execute SE16N



Table AGR_AGRS

Composite roles You can put multiple composite roles using the more button

How to find out all the users who got SU01 ?

Q. How to find out all the users who got SU01 ?

A. You can use SUIM >User by complex criteria or (RSUSR002) to find this out.

Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.
I use authorization object, as you can use this to test any object.

How to find out all roles with T-code SU01?

Q. How to find out all roles with T-code SU01?

A. You can use SUIM > Roles by complex criteria or RSUSR070 to find out this.

Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.
I use authorization object, as you can use this to test any object.

You can also get this information directly from table, if you have access to SE16 or SE16N. Execute SE16N

Table AGR_1251
Object S_TCODE
VALUE (low) SU01

What is user buffer?

Q. What is user buffer?

A. When a user logs on to the SAP R/3 System, a user buffer is built containing all authorizations for that user. Each user has their own individual user buffer. For example, if user Smith logs on to the system, his user buffer contains all authorizations of role USER_SMITH_ROLE. The user buffer can be displayed in transaction SU56.

A user would fail an authorization check if:

* The authorization object does not exist in the user buffer.
* The values checked by the application are not assigned to the authorization object in the user buffer.
* The user buffer contains too many entries and has overflowed. The number of entries in the user buffer can be controlled using the system profile parameter auth/number_in_userbuffer.

What is difference between role and profile.

Q. What is difference between role and profile.
A. A role act as container that collect transaction and generates the associated profile. The profile generator (PFCG) in SAP System automatically generates the corresponding authorization profile. Developer used to perform this step manually before PFCG was introduced bySAP. Any maintenance of the generated profile should be done using PFCG.