S.34 - Compare All Roles with the Same Names
This workflow compares one or more authorization roles with the same names, between SAP clients on the same system or across systems. Some of the possible uses for this workflow are:
-
To verify that changes made in a Development system have been migrated to QA or Production.
-
To audit the authorizations in each role.
-
To provide authorization documentation.
The results are stored in the Compared Roles Table dataset, which has the following columns:
| Column | Description |
|---|---|
| <Status> | The comparison status for the role. |
| System | The compared system’s System ID. This column is blank for roles that are the same. |
| ROLE | The name of a compared role. |
| OBJECT | The name of a role object. |
| FIELD | The name of an authorization. |
| LOW | The authorization's 'low' value. |
| HIGH | The authorization's 'high' value. |
| INACTIVE | This column is set to 'X' if the object is inactive. |
The <Status> column may contain any of the following values:
| Column | Description |
|---|---|
| = | The role’s authorizations are the same on each system. |
| X | The role’s authorizations are different in each system. These table rows are shown in red with a yellow background. |
| 1 | The role exists in the first compared system only. These table rows are shown with a cyan background. |
| 2 | The role exists in the second compared system only. These table rows are shown with a cyan background. |
Creating RFC Destinations
Before you begin, you will need to create RFC Destinations for the SAP systems you wish to compare.
Preparing the Workflow
To prepare the S.34 - Compare All Roles with the Same Names workflow, drag its workflow template from the Templates folder into your own workspace, and modify the workflow as follows:
To specify the systems to compare:
-
Select the System 1 parameter and choose ‘Edit RFC Destination’ from its context menu to display the RFC Destination dialog.
-
Select the RFC Destination for the first system to compare, then click ‘Save.
Repeat the above steps to link the System 2 parameter to the RFC Destination for the second system to compare.
To specify the roles to compare:
-
Select the Roles to Compare in Each System parameter and choose ‘Edit Select List’ from its context menu to display the Select List Editor dialog.
-
Create selection criteria for the AGR_NAME table field, specifying which role names to include or exclude. See the Select List Parameters help topic for details. Note that an ‘exclude’ specification may only be added if an ‘include’ specification has been created for the same table field.
Save the workflow using the ‘Save’ toolbar button.
Running the Workflow
To run the S.34 - Compare All Roles with the Same Names workflow, click the 'Run' toolbar button, choose ‘Run Now’ from the diagram’s context menu, or press F5. The currently running workflow action is marked with an animated display. When the workflow execution has completed, select the Compared Roles dataset and choose ‘View Details’ from the context menu to display the result table.