topic RHPROFL0 program in Application Development and Automation Discussions

RHPROFL0 program

Former Member — Wed, 07 Jun 2006 20:53:04 GMT

Hi, I'd like to know more about the program RHPROFL0

What does it produce ? We're having problems in authorizations of roles which have become "red".

Thks

Re: RHPROFL0 program

Former Member — Wed, 07 Jun 2006 21:03:27 GMT

Hi,

See the below link.. you know more about the Report Program RHRPROFL0

http://www.sap-img.com/human/structural-authorization-vs-role-authorization.htm

Thanks

Sudheer

Re: RHPROFL0 program

ferry_lianto — Wed, 07 Jun 2006 21:05:19 GMT

Hi Christine,

Please check below the program documentation.

Functions of Report RHPROFL0

Report RHPROFL0 creates authorization profile assignments for users in an organizational structure. A distinction is made between standard authorization profiles and authorization profiles for structural PD authorizations. In addition, user roles and their profiles are assigned.

Using the start evaluation path PROFL0 , the system finds and temporarily saves all users in the structure. Starting from these users, on a key date, the system reads all valid related objects for which infotype 0106 (standard authorization profile) and / or 1017 (authorization profile for structural PD authorizations) is maintained, up to the next highest organizational unit. This means that the superior organizational units are not taken into account.

The relevant object types are job (C), position (S), organizational unit (O), task (T), task group (TG), workflow template (WS), workflow task (WF), standard task (TS), work center (A), and responsibilities (RY). In addition, all user roles (AG) and their standard authorization profiles are included.

The system then checks whether the users found are already created in the system. This is necessary because in infotype 105 (subtype 0001) of a person, users can be entered that are not created in the system.

If a user is not yet in the system, it is automatically created. Then the system enters authorization profiles for all users found in the organizational plan.

You can check the results for the standard authorization profiles and user roles using transaction SU01 . The structural PD authorizations can be displayed using transaction OOSB .

Report Parameters

1. Start object

Starting from a Start object , the Evaluation path searches for all assigned users in the organizational plan. If you enter a user as start object, the system selects only that one user. The Key date is the date on which the relationships are evaluated. If the Testrun parameter is set, the system only finds and evaluates the authorization profiles, without assigning them to the corresponding users.

2. Generate authorization profiles

If the Generate standard authorizations parameter is set, the corresponding standard authorization profiles are changed. Likewise for the Generate PD authorization profiles parameter and the structural PD authorization profiles. If the respective parameter is not set, the authorization profiles assigned to the users remain unchanged.

3. Delete manually maintained authorization profiles

Standard authorizations

Caution: if the Delete standard authorizations parameter is set, all user profiles that were manually maintained via transaction SU01 are deleted and only the new authorizations that were derived from the organizational plan are reassigned. An exception is the SAP_ALL profile. If you want to delete this profile too, the Delete profile SAP_ALL must also be set.

If this parameter is not set (default setting), the system deletes only those authorization profiles originating from a user role that is no longer assigned to the user, according to the current organizational plan. These authorization profiles are also marked as generated profiles in transaction SU01 . All other manually maintained authorization profiles (infotype 1016) remain in existence.

Structural PD authorizations

Caution: if the Delete PD authorizations parameter is set, the system deletes all the structural PD authorization profiles that were manually maintained in table T77UA . This includes the delimited profiles. Note that a user that has no structural authorization profiles automatically gets the authorization profile SAP* (in other words authorization for all organizational objects). This profile, however, is not entered in table T77UA .

If the parameter is not set (default setting), the system deletes only those authorization profiles that were assigned via report RHPROFL0 , as these were marked by the new program.

4. Invalid users

If the Include invalid users parameter is set, the system also selects those users that are no longer valid on the key date, but that still exist in the system.

5. New users

If the Generate new users parameter is set, users are generated that were assigned to a person in infotype 105 (subtype 0001) but not yet created in the system. If the Transfer relationship period between person and user is also set, the new users are created with the same validity period that is maintained in infotype 105 (subtype 0001) for the person. If the parameter is not set, the new users are created from the key date to the latest possible date (31.12.9999). Over the User data parameter, the system assigns the Initial password and the User group .

Application Log

All messages that are generated during the profile comparison are saved in the application log. The application log is newly generated each time the report RHPROFL0 is run. You can display it by choosing theDisplay log(s) pushbutton, which is at the top of the output list.

If the report is planned in a batch job and automatically executed, the output list is printed out. In that case, you can see the application log by choosing transaction SLG1 . On the selection screen, enter 'RHPROFL0' as the Object . The Subobject and Ext. number fields remain empty.

Hope this will help.

Regards,

Ferry Lianto

Please reward points if helpful.

Re: RHPROFL0 program

former_member181966 — Wed, 07 Jun 2006 21:06:38 GMT

checkout

http://help.sap.com/saphelp_erp2004/helpdata/en/21/c0b83b5b831f3be10000000a114084/content.htm

http://sap.ittoolbox.com/groups/technical-functional/SAP-R3-HR/196389

http://www.sapfans.com/forums/viewtopic.php?p=61128&sid=087ba8138791f0e06376383d1d26f1b5

http://www.sapgenie.com/phpBB2/viewtopic.php?p=18694&;

http://help.sap.com/saphelp_erp2005/helpdata/en/db/bfb83b5b831f3be10000000a114084/frameset.htm

RHPROFL0 Report

Use

You can use this report to create authorization profiles for users within an organizational plan. This applies to standard authorization profiles and to authorization profiles for structural authorizations. In addition, this report assigns user roles and their profiles.

Features

Using the PROFL0 start evaluation path, the system searches for all users found in the structure and saves them temporarily. On a key date, starting from these users, the system reads all linked objects that have valid relationships at this point and for which the Standard Authorization Profile infotype (1016) and/or the Authorization Profile for Structural PD Authorizations infotype (1017) is stored. The system reads all such objects up to the next highest organizational unit. This means that the higher-level organizational units are not taken into account.

The relevant object types are jobs (C), positions (S), organizational units (O), tasks (T), task groups (TG), workflow template (WS), workflow tasks (WF), standard tasks (TS), work centers (A) and responsibilities (RY). In addition, all user roles (AG) and their standard authorization profiles are included.

Then, the report checks whether the users found have already been created in the system. This is necessary because in the Communication infotype (0105), subtype System user name (0001) of a person, users can be entered that are not created in the system.

If a user does not exist in the system, it is automatically created. The authorization profiles for all users found in the organizational plan are then entered.

You can check the results for the standard authorization profiles and user roles using the SU01 transaction. You can display the structural authorizations using the OOSB transaction.

For more information about this report, such as setting the report parameters, see the documentation for the RHPROFL0 in the SAP system.

Hope this’ll give you idea!!

<b>P.S award the points.</b>

Good luck

Thanks

Saquib Khan

"Some are wise and some are otherwise"

Re: RHPROFL0 program

Former Member — Thu, 31 Aug 2006 06:25:47 GMT

Hi everyone, not sure if I am in the right spot but I’ll ask the question. I have been tyring to have report RHPROFL0 update table T77UA automatically, I’m sure I am using the wrong Evaluation Path but at this stage am unsure. When I assign the user to the position via PPOME the report recognises the user, and will update table T77UA when I use the Evaluation Path, PROFL0

Within the Organisational structure the Person (P) already has a user (US) object assigned, so therefore I should not have to manually assign the (US object) to the Position level (S). How do I run report RHPROFL0 so it picks up the user assigned at the Person Level? running O-S-P returns the error message “Object type US not contained in evaluation path O-S-P” your help is appreciated.

Cheers - Darren