Skip to Content
Actions

Transaction to Role Mapping

August 6, 2012 | 1,565 Views |
 authorizationauthorizationscomplianceGovernance Risk And CompliancegrcIdentity And Access Managementidentity management
Follow RSS

Transaction to Role Mapping Document

This is used during the design phase to help to view the roles in an easy-to-read format and help the SAP Security Team communicate to the functional teams, the security roles being configured.

Step 1

In PFCG Create a Composite Role ZROLEMATRIX

Assign all single roles

Save

Step 2

Go to SUIM

Pull a list of transactions executable for our created role ZROLEMATRIX and download them in an excel

Get a list of single roles in composite role ZROLEMATRIX

Now paste transactions in column and roles as rows in excel Compare.xls

To Paste Roles in a Row,

(Copy the data in the Columns

Before you paste the copied data, right-click your first destination cell, and then click Paste Special.

In the Paste Special dialog box, select Transpose, and then click OK

Select the Roles and then Angle CounterClockwise).

Step 3

Get Role details,

Go to SE16 ,AGR_1251

Give Role as Z* and object as S_TCODE

Copy this data into another Worksheet (in excel Compare.xls)

In a new column concatenate the role  and transaction using the ‘&’ operator. e.g.: A1&B1

In the next column add just ‘X’ – This will be the value placed in the matrix.

Step 4

Use the following formula to populate the matrix:

=IF(COUNTIF(Compare!$C$1:$D$2865,$C$1&$A3),VLOOKUP($C$1&$A3,Compare!$C$1:$D$2865,2,FALSE),” “)

/wp-content/uploads/2012/08/p_126695.png

RESULT

I.png

NOTE: Please note that this method won’t work for mapping the transaction values with * (For example SU*,MM* being directly assigned in S_TCODE).

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Former Member

    It’s a proper spreadsheet, which can be gained by doing so as Malti RFeddy discripes.
    I suppose it can be easier to get this table by using the excel-feature PIVOT:

     

    Go to SE16 ,AGR_1251’.

    Give Role(AGR_NAME) <> ‘SAP*’, Object(OBJECT)  = ‘S_TCODE’ and DELETED = blank .

    Copy this data into a worksheet (in excel Compare.xls).

        

    With Excel:
    1. Prepare Pivot table creation: erase all columns except Roles and
    Transactions and erase all empty lines, create column headings, 2. Complete Spreadsheet: Mark both columns and select ‘Insert’, ‘PivotTables’ . . . Drag and drop ‘Authorization Value’(Transactions) to lines, ‘Roles’ to columns and to values. Exchange all ‘1’s by ‘X’s. Ready. 

    (0) 

Leave a Reply