TCode per department and user

1
votes

I have a strange request from the business. They want a report where they give a tcode or tcodes and the program will check which department has this/these and which users.

OK, I have found a couple of tables like AGR_TCODES (Assignment of roles to Tcodes), AGR_USERS (Assignment of roles to users) and USER_ADDR (Users by address data) to find what I want.

My question is: if a user has access to a tcode that it does not belong to one of his role, how can we catch this?

For example: I have access to VA03 but none of my roles is connected to this tcode.

Is there any way to catch this?

3
abapsap-basis

3 Answers

5
votes

Try transaction S_BCE_68001397 (user selection based on permission values), select for permission object S_TCODE and the transaction as the permission value should give you the list you need. Transaction S_BCE_68001398 does the same, but doesn't allow you to query users for other permission objects.

The problem with these reports is that it might be either difficult or tedious to check for a large number of transaction codes. You could have a look at the source code of those transactions, report RSUSR002 and see if you can use the locally defined classes the reports use to query for multiple transaction codes and create a report based on your specific requirements.

2
votes

Yoy can use tables AGR_1251 and AGR_USERS.

AGR_1251 will give you the Roles with the S_TCODE object and the Value = tcode given by the user.

Then you go to table AGR_USERS and get the users for the role with the S_TCODE= tcode.

SELECT adr_users~UNAME
FROM AGR_USERS JOIN AGR_1251 ON AGR_USERS~MANDT = AGR_1251~MANDT 
                            and AGR_USERS~AGR_NAME = AGR_1251~AGR_NAME
WHERE AGR_1251~OBJECT = 'S_TCODE'
AND AGR_1251~LOW = param_tcode.

Hope this helps

0
votes

Finally with the help of Dirk Trilsbeek I found the solution to what I was looking for. Here is the selection:

  SELECT DISTINCT a~von e~ttext d~department d~bname d~name_first
                  d~name_last d~name_textc c~profile
      INTO CORRESPONDING FIELDS OF TABLE gt_tcode_per_dprtm_usr
    FROM ust12 AS a
      INNER JOIN ust10s AS b
        ON  a~auth = b~auth AND
            a~objct = b~objct AND
            a~aktps = b~aktps
      INNER JOIN ust04 AS c
        ON b~profn = c~profile
      INNER JOIN user_addr AS d
        ON c~bname = d~bname
      INNER JOIN tstct AS e
        ON e~tcode = a~von
    WHERE a~objct = 'S_TCODE' AND
          a~von   IN so_tcode AND
          e~sprsl = 'G'.

I want to thank all of you for your answers.