Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

AGR_USERS table content

Former Member

‎2013 Apr 24 10:39 AM

0 Likes
7,824

Dear all,

I am currently working on authorization issues and in this context I am trying to understand how the AGR_USERS table is structured.

I am having trouble understanding what is the use of the fields :

- EXCLUDE (Field label being "Exclusive")

- CHANGE_TST (Field label being "UTC Time Stamp in Short Form (YYYYMMDDhhmmss)")

- ORG_FLAG (Field label being "HR Org Mgt")

Could anyone tell me by the use of which transaction the field is being updated in the table and in which context this information can be usefull.

Thank you in advance for your help.

Regards

Sanddie

8 REPLIES 8
Read only

Former Member

‎2013 Apr 24 3:47 PM

0 Likes
5,275

hi Sanddie,

I can only give you a conclusive answer on one of your three questions. the ORG_FLAG indicates whether a role is assigned via OM instead of the usual assignment via SU01 or PFCG.  this is called indirect role assignment.

the CHANGE_TST field is indeed the UTC timestamp, but in the system I'm currently logged into this field is not populated for any role assignment.

I was not able to find any info for the EXCLUDE field. this is not populated for any entry in my AGR_USERS table either...

Message was edited by: Dimitri van Heumen

Read only

Former Member
In response to Former Member

‎2013 Apr 25 1:19 PM

0 Likes
5,275

Hi Dimitri : that is great I will have a look at this indirect role assignement !

I just have one more field to go : does anyone have any idea of where this EXCLUDE field comes from ?

Thank you

Sanddie

Read only

Former Member

‎2013 Apr 24 6:30 PM

0 Likes
5,275

HR Org Mgt is where the role is available to the user through position based assignment (they inherit the roles through the being assigned to an org structure which itself has access assigned to it).  Do a search on "position based security" for a bit more info.

The other fields? No idea

Read only

Former Member
In response to Former Member

‎2013 Apr 25 1:18 PM

0 Likes
5,275

Hi Alex,

Thank you very much for this answer : two more fields to go !

Sanddie

Read only

mvoros
Active Contributor
In response to Former Member

‎2013 May 31 2:52 AM

0 Likes
5,275

EXCLUDE should not be used by ABAP stack according to note 908563. But PRGN_J2EE_USER_GET_ROLES will ignore the roles with this flag set to 'X'. So it seems like you could use it to hide some roles from Java stack in case of dual stack installation.

The field CHANGE_TST is initialized few times in ABAP stack but I can't see any meaningful logic for this field.

Cheers

Read only

Former Member
In response to Former Member

‎2013 Jun 03 10:41 AM

0 Likes
5,275

Hi Martin,

Thank you very much for this very helpful answer : I will have a closer look at the note 908563 !

Sanddie

Read only

fredrik_borlie
Contributor

‎2013 May 31 12:37 AM

0 Likes
5,275

lI dont get it.

What authorization issues makes you analyse the table holding the content visible via the pfcg.

You can get even better help if you share your real issue with us.

Read only

Former Member
In response to fredrik_borlie

‎2013 Jun 03 10:43 AM

0 Likes
5,275

Hi Fredrik,

I am working on mass analysis of the authorization meaning that I don't go through PFCG (too tidious) : I directly go to the table. This is why I need to understand the detailled structure of the tables.

Hope that helps you understand my question

Sanddie