This blog contains experience gained over the years of implementing (and de-implementing) large scale IT applications/software.

HowTo: List all SAP transaction codes in roles

Scenario: As part of your internal auditing or general processes, you require a list of all transactions that are assigned to roles.

At first thought, this may be easy. You could try to use the SUIM transactions, but you will find that you are only able to list one role at a time and you are not able to see all transactions assigned to all roles in one display.
The only way that you can easily do this is either using the SAP internal query tools (such as quickviewer) or via the database tools directly.

Since SAP do not recommend accessing the database directly, it makes sense to use the SAP tools already provided.
If you do choose the direct database method, then you will need to know that the query you would need will look something like this:

SELECT agr_name,
       low,
       high
  FROM agr_1251
 WHERE agr_name = '<YOUR ROLE NAME>'
   AND object='S_TCODE';

We will use the SAP quickviewer (transaction SQVI) as this is the preferred method.
Unfortunately, the transaction has a downside, in that you can’t transport the query directly.
Instead, it’s possible to generate a program from the query, copy it and create your own “Z” report that you can transport.

In transaction SQVI, create a new query called “TCODES_IN_ROLE” or whatever you think is an appropriate name:

Add a description for the query and then add the fields:

Role Name (AGR_1251-AGR_NAME)
Authorization Value (AGR_1251-LOW)
Authorization Value (AGR_1251-HIGH)
Auth Object in User Master Maintenance (AGR_1251-OBJECT)

SAP transaction codes in roles

You can adjust the sort sequence on the “Sort Sequence” tab if you wish.

On the “Selection fields” tab, you can indicate which fields the user is able to use to narrow the query selection (set the predicates).

Save the query and then execute:

SAP transaction codes in all roles

On the previous screen, the option to generate the program exists:

Listing SAP transaction codes in roles

Choose the “Display report name” option (shown on the menu selection above) to then display the subsequently generated program name:

Now display the report source code in SE38:

You can now copy the report to your own “Z” report and modify as required.
This can then be transported.

WARNING: Since this report exposes detailed information on the structure of your roles, you should ensure that you secure it by assigning it to an authorisation group accordingly.


Add Your Comment

* Indicates Required Field

Your email address will not be published.

*