Skip to Content
Actions

Transaction to Role Mapping

August 6, 2012 | 558 Views |
 authorizationauthorizationscomplianceGovernance Risk And CompliancegrcIdentity And Access Managementidentity management
Follow

Transaction to Role Mapping Document

This is used during the design phase to help to view the roles in an easy-to-read format and help the SAP Security Team communicate to the functional teams, the security roles being configured.

Step 1

In PFCG Create a Composite Role ZROLEMATRIX

Assign all single roles

Save

Step 2

Go to SUIM

Pull a list of transactions executable for our created role ZROLEMATRIX and download them in an excel

Get a list of single roles in composite role ZROLEMATRIX

Now paste transactions in column and roles as rows in excel Compare.xls

To Paste Roles in a Row,

(Copy the data in the Columns

Before you paste the copied data, right-click your first destination cell, and then click Paste Special.

In the Paste Special dialog box, select Transpose, and then click OK

Select the Roles and then Angle CounterClockwise).

Step 3

Get Role details,

Go to SE16 ,AGR_1251

Give Role as Z* and object as S_TCODE

Copy this data into another Worksheet (in excel Compare.xls)

In a new column concatenate the role  and transaction using the ‘&’ operator. e.g.: A1&B1

In the next column add just ‘X’ – This will be the value placed in the matrix.

Step 4

Use the following formula to populate the matrix:

=IF(COUNTIF(Compare!$C$1:$D$2865,$C$1&$A3),VLOOKUP($C$1&$A3,Compare!$C$1:$D$2865,2,FALSE),” “)

/wp-content/uploads/2012/08/p_126695.png

RESULT

I.png

NOTE: Please note that this method won’t work for mapping the transaction values with * (For example SU*,MM* being directly assigned in S_TCODE).

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Wolfrad Deser

    It’s a proper spreadsheet, which can be gained by doing so as Malti RFeddy discripes.
    I suppose it can be easier to get this table by using the excel-feature PIVOT:

     

    Go to SE16 ,AGR_1251’.

    Give Role(AGR_NAME) <> ‘SAP*’, Object(OBJECT)  = ‘S_TCODE’ and DELETED = blank .

    Copy this data into a worksheet (in excel Compare.xls).

        

    With Excel:
    1. Prepare Pivot table creation: erase all columns except Roles and
    Transactions and erase all empty lines, create column headings, 2. Complete Spreadsheet: Mark both columns and select ‘Insert’, ‘PivotTables’ . . . Drag and drop ‘Authorization Value’(Transactions) to lines, ‘Roles’ to columns and to values. Exchange all ‘1’s by ‘X’s. Ready. 

    (0) 

Leave a Reply