You can use report RSUSRAUTH to display role data in a client. Only the role data (table AGR_1251) and not the profile data (table UST12) is analyzed. Only roles with authorization data are examined. Roles without authorization data are obsolete for this report. These can be analyzed with report RSUSR070.
You can call the report from the area menu node Roles > Search for Single Roles with Authorization Data in transaction code SUIM, or directly using transaction RSUSRAUTH in the OK field.
Standard Selection
- Role
- Name of single role
Selection by User Assignment
- All Roles Regardless of User Assignment
- User assignment is irrelevant.
- Without User Assignment
- Only single roles that are not assigned to any users are found.
- With Valid Assignment of User(s)
- The report finds single roles that are assigned to the entered user name(s). If you do not specify a user name, all single roles that have at least one user assignment are found.
Selection by Maintenance Status
- Active/Inactive Authorizations
- Only active or inactive authorizations are analyzed.
- Maintenance Status for Authorizations
- Standard
- Maintained
- Changed
- Manual
- Maintenance Status for Authorization Fields
- Standard
- Maintained
- Changed
- Manual
You can select either by maintenance status for authorizations or maintenance status for authorization fields. The default is to search for maintenance status for authorizations. The search for maintenance status for authorization fields is deactivated. If this criterion is selected, the search for maintenance status for authorizations is deactivated.
Selection by Values for Authorizations
- Authorization Object 1 (2, 3, 4 or 5)
- Authorization objects and their authorization values. After you have entered the authorization object, choose “Field Values” to open the associated value fields for the possible authorization fields in a separate dialog window. You can use multiple selection to enter authorization values that are connected by an OR link. One AND link is allowed for each authorization field.
- Full authorization refers only to the authorization that is defined with an asterisk (*) (search pattern ‘#’). Authorizations that contain all possible values for a field are not taken into account for this search criterion.
- If you enter the search pattern ‘#’, the system finds only the authorizations for which the number of values for a field corresponds to the complete set of all possible values.
- The search for complete sets of all possible values is restricted to fields that have either fixed values or a check table. For fields with free value specifications, it is not possible to search for the complete set of all possible values.
When searching for the complete set of all possible values, only the values that give the complete set in one authorization are taken into account. This means that users, roles, or profiles that have the complete set of all possible values due to a combination of several authorizations are not taken into account here.
Output
- Role
- Role names that exist according to the selection criteria.
- Object
- Authorization Object
- Authorization
- Field Name
- Maintenance Status for Authorizations
- Standard
- Maintained
- Changed
- Manual
- From value
- To value
- Maintenance Status for Fields
- Standard
- Maintained
- Changed
- Manual
- Activation Status
- Active authorization
- Inactive authorization
- Profile Status
- Profile generated
- No profile or no current profile
- No authorization data
- Name of the user group
- This column is not shown in the default setting. You can obtain it from the column set.
