Bapi for maintaining roles

Former Member · ‎2007 Jun 12

Hi all,

I have to modify role ( adding or deleting Transaction to role) through program. Do anyone knows BAPI or BADI for that which can do changes in in role.

Can we write BDC for role maintenance?

Regards,

Sandip

Former Member · ‎2007 Jun 12

If your are trying to modify roles in T-code pfcg?

there are No badi's which exist for it.

i can tell you more hw 2 process but let me know if that is the t-code you want to use?

thankx

bhanu

Former Member · ‎2007 Jun 12

Yes, I want it for pfcg transaction and I want to add or remove HR regarding transaction (like PA20, PA30) through program.

Former Member · ‎2007 Jun 12

Hi

Check the following BAPI's and fun modules

SUSR_BAPI_USER_PROFILES_ASSIGN

SUSR_BAPI_USER_PROFILES_DELETE

SUSR_USER_PROFS_BUFFER_CLEAR

SUSR_USER_PROFS_BUFFER_FILL

SUSR_USER_PROFS_BUFFER_SAVECHK

SUSR_USER_PROFS_BUFFER_TO_DB

SUSR_USER_PROFS_LASTCHANGE_GET

SUSR_USER_PROFS_PROFILES_CHECK

SUSR_USER_PROFS_PROFILES_DEL

SUSR_USER_PROFS_PROFILES_GET

SUSR_USER_PROFS_PROFILES_PUT

SUSR_USER_PROFS_PROFTEXT_FILL

SUSR_USER_PROFS_RELATE_ONE

SUSR_USER_PROFS_REMOVE_ONE

SUSR_USER_LOCPROFS_PROFS_CHECK

SUSR_USER_LOCPRO_O_PROFILE_DEL

SUSR_USER_LOCPRO_PROFILES_ADD

SUSR_USER_LOCPRO_PROFILES_DEL

SUSR_USER_LOCPRO_PROFILES_GET

SUSR_USER_LOCPRO_PROFILES_PUT

SUSR_USER_LOCPRO_PROFTEXT_FILL

<b>Reward points for useful Answers</b>

Regards

Anji

Former Member · ‎2007 Jun 12

1> Ask for your client to give you the access key to modify the roles.

if this happens it can solve your problem.

2> or you can copy the program into your z program and then modify accordingly

3>or you can navigate through the screens ...debug and see which screen of pfcg you want 2 enhance you can write a separate z program for that.

i dnt think there is any other possible way to do that coz bapi's doesnt exist for pfcg

hope this was helpful

thnkx

bhanu

uwe_schieferstein · ‎2007 Jun 12

Hello Sandip

The following sample reports add a transaction to the role menu. However, by adding a transaction to a role usually additional "objects" are inserted into a role which require maintenance of the authorization values.


*&---------------------------------------------------------------------*
*& Report  ZUS_SDN_PFCG_ADD_TCODE
*&
*&---------------------------------------------------------------------*
*&
*&
*&---------------------------------------------------------------------*

REPORT  zus_sdn_pfcg_add_tcode.



DATA:
  gs_tcodes    TYPE agr_tcodes,
  gt_tcodes    TYPE STANDARD TABLE OF agr_tcodes.


PARAMETERS:
  p_role      TYPE agr_name  DEFAULT 'Z_SDN_ROLE1',
  p_tcode     type tcode     default 'SU01'.



START-OF-SELECTION.


  CALL FUNCTION 'PRGN_1221_READ_TRANSACTIONS'
    EXPORTING
      activity_group              = p_role
*     ONLY_TRANSACTIONS           = ' '
    TABLES
      i_agr_tcodes                = gt_tcodes
*     I_AGR_SELECT                =
    EXCEPTIONS
      no_transactions_found       = 1
      OTHERS                      = 2.
  IF sy-subrc <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  ENDIF.


  READ TABLE gt_tcodes INTO gs_tcodes INDEX 1.
  gs_tcodes-tcode = p_tcode.
  APPEND gs_tcodes TO gt_tcodes.

  CALL FUNCTION 'PRGN_1221_SAVE_TRANSACTIONS'
    EXPORTING
      activity_group       = p_role
*     DISPLAY_STATUS       = 'X'
    TABLES
      i_agr_tcodes         = gt_tcodes
*     I_AGR_SELECT         =
            .


  CALL FUNCTION 'SUPRN_PROFILE_BATCH'
    EXPORTING
      act_objid                   = p_role
*       LTEXT                       =
*       ENQUEUE                     = ' '
    EXCEPTIONS
      objid_not_found             = 1
      no_authorization            = 2
      generation_not_active       = 3
      empty_authorizations        = 4
      enqueue_failed              = 5
      not_generated               = 6
      OTHERS                      = 7.
  IF sy-subrc <> 0.
    MESSAGE ID sy-msgid TYPE 'S' NUMBER sy-msgno
            WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
  ENDIF.



END-OF-SELECTION.

Regards

Uwe

Former Member · ‎2007 Jun 12

Thanks Uwe, It will solve my problem at better extent but my main problem is the 'Object values'. Because addition of transaction appends object values but old values remain same. Is there any method for maintaining those values?

uwe_schieferstein · ‎2007 Jun 12

Hello Sandip

Our company has developed over the last 7 years an application which allows to completely separate the authorization values (= OrgLevels & all other authorization fields) from the role generation (i.e. the profilgenerator).

We are now able to deliver almost any authorization values at any position within a role, in particular we can also handle specific authorization value-sets for repetitive authorization objects (which are quite frequently found in HR roles).

Based on a <i>master role -> derived role </i>concept we can take the separated default values and the master role and generate automatically the corresponding derived roles.

The point I would like to stress is that is is by no means a trivial task to maintain authorization values in roles programatically. In particular, in the profilgenerator we have several different status (Standard, Maintained, Manual) which make this task even more complicated.

Our product is currently in use at a big company here in Switzerland. Having about 100 master roles they maintain about 2-3 thousand derived roles with about 2-3 people.

Regards

Uwe

Former Member · ‎2011 Feb 21

Hi Uwe,

have you some hints about your product to apply master role changes to derived roles?

I have to set up the values from an excel file (master role) to some thousand of derived roles...

Thansk in advance.

GB

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Bapi for maintaining roles