Skip to Content
Technical Articles
Author's profile photo Frank Buchholz

Export/Import Critical Authorizations for RSUSR008_009_NEW

News: As of SAP_BASIS 7.52 (with a support package as of October 2019) you can use the standard report RSUSR_UP_AND_DOWNLOAD_FOR_CA instead:

See Note 2785076 – SUIM | New functions in RSUSR008_009_NEW

[This is a copy of the same page on Code Exchange on SDN which shuts down end of August 2013. Therefore, I move my projects here to SCN.]


We like to introduce a new Code Exchange project which was the result of a student practicum during the last weeks.

The purpose of this new program Z_USCRAUTH is to simplify the maintenance of critical authorization definitions used by Report RSUSR008_009_NEW. Using this program you can import an XLS sheet including the needed data or export the content of the database to an XLS sheet. Furthermore it gives a clearer overview of the authorization data in the form of some tables.

Finally we’ve published a file representing the checks of the SOS: → Media Library → Security Optimization Service – ABAP Checks

Kind regards

Julius Daub and Frank Buchholz

ABAP Source Code

You find the source code on the corresponding wiki page.

ABAP source code:

XLS sheet:


This report is used do export/import the definition data which are used by the report RSUSR008_009_NEW about critical authorization and variant of the user information system, transaction SUIM that you usually maintain within that report or using transaction SU_VCUSRVAR_CHANGE to/from an Excel-sheet.

This is much more convenient than defining it in the UI of the report.

Initial Screen


There are three actions that can be performed by the report. In (1) you choose the action to be performed. In (2) and (3) you can define criteria of selections for the data you want to get.

In (4) you have to choose an XLS-sheet file name whose data you want to be imported or where you want to export your data to.


Show Data

Only shows data selected in (2) and (3) on the screen in the form of 6 tables.


(Part of the info-screen)

Export Data

Exports data selected at (2) and (3) to the XLS selected at (4), generates a preview inside of the report and shows the same screen as Show Data. If the file already exists, it will be overwritten; else a new file with the pathname selected at (4) will be created.


(Preview of the Excel-Sheet inside of the report)


(Exported Excel-sheet)

Import Data

Imports data selected at (2) from the Excel sheet selected at (4), writes it to the database and shows it on the screen as in Show Data. In Addition the report shows a change log of the data on the screen.


(Change log)

If the data in the sheet is obviously incorrect, the changes won’t be performed and an error message will be displayed.


(Wrong Data in the XLS)


(Error Message)

Tips concerning the Excel file

  • The attached File contains the main part of the authorization data out of the SOS document, but it’s possible that there are some small mistakes.
  • The first column (TABLENAME) defines the table
  • The sort order of the file does not matter.
  • The entries for table USRVAR and USCRAUTHID are optional.
  • The TEXT field in USRVARID and USCRAUTHID is optional.
  • If you omit the language it will be replaced by the logon language.
  • Color Code 6 = RED
  • Color Code 3 = YELLOW
  • If you omit the color code it will be replaced by 6.
  • Have a close look to numeric data: To enter leading zeros use ‘ to avoid that Excel removes the leading zero. (This report repairs wrong data in case of the activity field, ACTVT, automatically.) Example: Enter ’02 instead of 2
  • If the file is opened in Excel during executing the report, an error message will appear: “Excel file … cannot be processed”
  • It’s recommended to use the attached file as template for your own file; you can also export some data to another file and edit this one.
  • If you want to create your own source file, this file has to follow this structure to get correct results:
Record type Column A B C D E F G H
USRVAR (definition of variants) TABLENAME VARNAME
USRVARID (assignments of critical authorizations to variants) TABLENAME VARNAME AUTH_ID (TEXT)
USCRAUTHID (definition of critical authorizations) TABLENAME AUTH_ID AUTH_COLOR T_CODE
USCRAUIDT (short texts of critical authorizations) TABLENAME AUTH_ID TEXT LANGU


  • The “Text-Search” is not finished
  • Garbage in – garbage out: There exist some input checks on the data but you should only use correct files to avoid trouble.
  • If you enter wrong, duplicate data you might get a dump.
  • If the file is locked in Excel you might run into trouble
  • No transport interface. If you want to transport the definitions you
  • Use transaction SU_VCUSRVAR_CHANGE to add them to a transport.

Related links

Online Documentation – Users with Critical Authorizations (RSUSR008_009_NEW)

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Frank,  do you know of any Blog entry, Wiki, or another kind of help document for usage of RSUSR008_009_NEW ?   I never used it before but would like to see real-world implementations, or advice. 

      Author's profile photo Frank Buchholz
      Frank Buchholz
      Blog Post Author

      Hello Kesayamol,

      I just know about the Online Help (link added to the blog) which includes a small example. I suggest you start using this report with such a simple example for Critical Authorizations and try to get the same results with report RSUSR002 and RSUSR008_009_NEW.

      Kind regards


      Author's profile photo Former Member
      Former Member

      This looks fantastic Frank, I have this in a sandbox currently and will be using it in Dev shortly. It looks like a big time saver and it may save me from pulling my hair out in frustration 🙂

      Author's profile photo Former Member
      Former Member

      Hello Frank,

      It seems to be a  mini GRC RAR  for free! 😀 . I'm thinking about using the GRC ruleset 😉 to check some critical access.



      Author's profile photo Christophe Fleury
      Christophe Fleury

      Hi Franck,

      Great Document !

      In my GRC project, Two years ago, we used the BCSETs possibilies to deploy the customization of RSUSR008_009_NEW. So with SCPR3 and SCPR20 transaction, we were allowed to put all the rule in other SAP landscape. Moreover, it is like a "backup" for P.R.A processes...



      Author's profile photo Christophe Fleury
      Christophe Fleury

      I have just finish an abap program that allow, in one click, to have the SOD conflicts in a client. As it is an Abap program, you can transport it in the landscape.

      If you want some information, tell me.



      Author's profile photo Former Member
      Former Member

      Hello Christophe,

      I would be very interested in this if you would like to share some information.

      Best Regards,


      Author's profile photo Christophe Fleury
      Christophe Fleury

      Hello Will,

      What do you want to know exactly - concerning matrix ? report  ? what is your project statement ? regards. Christophe

      Author's profile photo Former Member
      Former Member

      Hi Christophe,

      I would be very interested to see your program. I have used Frank's solution to simplify our maintenance of our critical authorizations variant, but I would be very interested in any program that you have created to identify SoD conflicts.

      We have our own matrix, but we would like a better tool to use it 🙂

      Author's profile photo Silvia Mazuela
      Silvia Mazuela



      Los link para bajar el codigo no se encuentran habilitados, ¿Podrias habilitarlos nuevamente?