Ops Archives » Page 10 of 16 » Musings of an IT Implementor

SAP Authorisation Objects Naming Convention

The first letter of SAP authorisation objects is intelligently coded to represent the SAP module for which it belongs:
e.g. F_KNA1_BUK

A Assets Accounting
C Classification System
E Consolidation
F Financial Accounting
G Special Ledger
K Controlling
L Logistic execution
M Materials Management
P Human Resources
S Basis
V Sales and Distribution

If the second character is an underline, then this indicates this authorisation object is a SAP standard one.

Use transaction SU03, SU21 or table TOBJ, to list the authorisation objects in the system and drill-down into the authorisation fields and their possible values.

If using the tables, you may need the other related tables to pull the texts: TOBJ, TOBC (classes), TOBJT.

SAP Users With Roles Not Assigned via Composite Roles

Have you ever needed to list SAP roles that are assigned to user accounts, but show only the single roles that are directly assigned (not single roles inherited through composite roles)?

Here’s how you can do it:
Using SE16, get the records from AGR_USERS table with field COL_FLAG=’ ‘

Relate this to USR02 table BNAME field to decide if the user account is locked (valid) or not in use anymore.

I’ve also discovered this can be done in transaction S_BCE_68001394 (Users by User ID). You just input * into the user ID field, execute the report and then sort the two columns for “Direct Assignment” and “Role Type”. This will give you the Single roles assigned directly.

GRANT or REVOKE on User in DB Link Connection

If you GRANT additional privileges to an Oracle user who is used in a DB Link connection (from another database), then if the DB Link is already open and in use (the target DB has ACTIVE or INACTIVE sessions), you will need to close the DB link connection before you see the new privileges.

The same is true if you grant a new role to the user.

However, if you REVOKE privileges from an Oracle user who is used in a DB Link connection then these changes are seen immediately the next time the user is used to perform an operation across the DB link.

Restarting SAP During Online BRBackup

If your online BRBackup has been started from outside of SAP (e.g. by an enterprise scheduling tool perhaps), then you can safely restart the SAP application without affecting the backup.

Simply use the “stopsap r3” command option to bring down only the SAP application and leave the database running.

If the backup was scheduled within SAP (e.g. through DB13), then you are not advised to do this since SAP will be waiting for the BRBackup return code.

Self Extracting tar Archive UNIX

There’s a very old post here https://www.cesarkallas.net/arquivos/tutoriais/linux/auto_extract.html
which shows how to create an executable script with an embedded tar file, which will effectively auto-extract once executed at the command prompt.
Very neat indeed!

NOTE: when accessing the URL, you need to cancel the password prompts multiple times.