Scenario: As part of your internal auditing or general processes, you require a list of all transactions that are assigned to roles.
At first thought, this may be easy. You could try to use the SUIM transactions, but you will find that you are only able to list one role at a time and you are not able to see all transactions assigned to all roles in one display.
The only way that you can easily do this is either using the SAP internal query tools (such as quickviewer) or via the database tools directly.
Since SAP do not recommend accessing the database directly, it makes sense to use the SAP tools already provided.
If you do choose the direct database method, then you will need to know that the query you would need will look something like this:
SELECT agr_name,
low,
high
FROM agr_1251
WHERE agr_name = '<YOUR ROLE NAME>'
AND object='S_TCODE';
We will use the SAP quickviewer (transaction SQVI) as this is the preferred method.
Unfortunately, the transaction has a downside, in that you can’t transport the query directly.
Instead, it’s possible to generate a program from the query, copy it and create your own “Z” report that you can transport.
In transaction SQVI, create a new query called “TCODES_IN_ROLE” or whatever you think is an appropriate name:
Add a description for the query and then add the fields:
Role Name (AGR_1251-AGR_NAME)
Authorization Value (AGR_1251-LOW)
Authorization Value (AGR_1251-HIGH)
Auth Object in User Master Maintenance (AGR_1251-OBJECT)
You can adjust the sort sequence on the “Sort Sequence” tab if you wish.
On the “Selection fields” tab, you can indicate which fields the user is able to use to narrow the query selection (set the predicates).
Save the query and then execute:
On the previous screen, the option to generate the program exists:
Choose the “Display report name” option (shown on the menu selection above) to then display the subsequently generated program name:
Now display the report source code in SE38:
You can now copy the report to your own “Z” report and modify as required.
This can then be transported.
WARNING: Since this report exposes detailed information on the structure of your roles, you should ensure that you secure it by assigning it to an authorisation group accordingly.