Transaction to Role Mapping

Transaction to Role Mapping Document

This is used during the design phase to help to view the roles in an easy-to-read format and help the SAP Security Team communicate to the functional teams, the security roles being configured.

Step 1

In PFCG Create a Composite Role ZROLEMATRIX

Assign all single roles

Save

Step 2

Go to SUIM

Pull a list of transactions executable for our created role ZROLEMATRIX and download them in an excel

Get a list of single roles in composite role ZROLEMATRIX

Now paste transactions in column and roles as rows in excel Compare.xls

To Paste Roles in a Row,

(Copy the data in the Columns

Before you paste the copied data, right-click your first destination cell, and then click Paste Special.

In the Paste Special dialog box, select Transpose, and then click OK

Select the Roles and then Angle CounterClockwise).

Step 3

Get Role details,

Go to SE16 ,AGR_1251

Give Role as Z* and object as S_TCODE

Copy this data into another Worksheet (in excel Compare.xls)

In a new column concatenate the role  and transaction using the ‘&’ operator. e.g.: A1&B1

In the next column add just ‘X’ – This will be the value placed in the matrix.

Step 4

Use the following formula to populate the matrix:

=IF(COUNTIF(Compare!$C$1:$D$2865,$C$1&$A3),VLOOKUP($C$1&$A3,Compare!$C$1:$D$2865,2,FALSE),” “)

RESULT

NOTE: Please note that this method won’t work for mapping the transaction values with * (For example SU*,MM* being directly assigned in S_TCODE).