Once upon a time a developer wanted to do User Comparison in the quality System after the adjusted (composite) roles were imported, so that the users have access to new fetures, like Fiori catalogs and tiles for example ASAP. Has this to be completed manually in PFCG for each, like 20 composite roles ? Or what if developer has no authorization to do User comparison, but to schedule jobs only.

kep Mass User Comparison

There is a report actually, called RHAUTUPD_NEW.

REPORT rhautupd_new NO STANDARD PAGE HEADING LINE-SIZE 113.

*-------------------------------------------------------------
* User Master Data Reconciliation with these editing types:
* - HR Organizational Management Reconciliation
* - Composite Role Reconciliation
* - Profile Matchup
*
* Additional options
* - Cleanups (for invalid profiles)
* - Replication of assignments from HR Org Management to CUA central
*   (in CUA client system only)
*-----------------------------------------------------------------------

If you execute this report, You have the option to schedule it in the background. See complete documentation of the various options, at the end of the post.

kep-3-1024x702 Mass User Comparison

You can restrict the processing to specific roles. Enter the list of roles and save a variant for that using the Save button.

kep-4 Mass User Comparison

Go back to the selection screen and Execute (F8)

kep-2 Mass User Comparison

Execute (F8) again. This will offer You to schedule a new background Job or Copy an existing one and Change.

kep-9-1024x567 Mass User Comparison
kep-5-1024x556 Mass User Comparison

Go to the Step and Change it. Enter the RHAUTUPD_NEW report name and the variant You previously saved. Another user can be used to run the report with enough/more priviliges, like a batch user.

Save.

kep-7-823x1024 Mass User Comparison

Go back to the Overview, and set the Start condition to Immediate

kep-8-844x1024 Mass User Comparison
Save, then Save again on the main screen. You are ready. You can check the status and job log in transaction SM37.

Report Documentation

Short text

Compare User Assignments

Description

The program compares indirect assignments and profile assignments for users in the current client for the roles selected on the selection screen. Direct role assignments remain unchanged.

There are three types of comparison, which can be chosen independently of each other:

  • Profile comparison:
    The program compares the current valid user assignments for the selected single roles with the assignments of the associated generated profiles, and makes any required adjustments to the profile assignments. The profile assignments are changed in the following cases:
    • Current user assignments have been added to a single role since the last comparison, or existing assignments have become valid (the current date is within the validity period of the assignment). In this case, the profile comparison extends the relevant profile assignments.
    • Single role assignments have become invalid or have been deleted since the last comparison. In this case, the comparison removes the associated profile assignments.
    • A role transport including the generated profiles for the single roles has changed the number of profiles associated with a single role, meaning that assignments of additional profiles are added or assignments of obsolete profiles are deleted.
  • Compare indirect assignments from composite roles
    • User assignments to composite roles lead to indirect assignments for the single roles contained in the composite roles. This type of comparison adjusts the indirect assignments of the selected single roles to the user assignments of all composite roles that contain the single roles. If the selection contains composite roles, the comparison is performed for all single roles contained in the composite roles.

 

    Indirect assignments of a single role are changed if one of the following situations has occurred since the last comparison:
    • The user assignments of at least one composite role that contains the single role have changed.
    • The single role has been added to at least one additional composite role or removed from at least one composite role.
    • The assignment of the single role has been activated or deactivated in at least one composite role.
    • Only in the central system of a Central User Administration (CUA)
      The target system of the single role that is contained in at least one composite role has been changed. In this special case, the comparison does not lead to changes of indirect assignments in the central system, but rather to changes of direct assignments of the single role in the target system, if it is a CUA child system.
  • HR Organizational Management comparison:
    This type of comparison updates the indirect assignments of all selected single roles and composite roles that are linked to elements of HR Organizational Management. The HR comparison is inactive and cannot be selected if no active plan variant exists or it has been globally deactivated by the setting of the Customizing switch HR_ORG_ACTIVE = NO in table PRGN_CUST.

 

If you perform both a profile comparison and a comparison of indirect assignments from composite roles in the same program run, the profile comparison is performed for all of the single roles contained in the selected composite roles. These single roles do not need to be part of the original selection.
All three types of comparison are predefined as active (for exceptions for the HR comparison, see above). Deactivate comparison types that are not required to save runtime. This is especially true for the HR comparison, if HR Organizational Management is not in use.

 

Options

This box contains useful additional functions that are independent of the three comparison types and do not relate to the role selection.

  • Cleanups
    • This function removes left-over data in the current client that is usually results from the incomplete deletion of roles and their generated profiles by transports. The obsolete data does not represent a security risk, but does unnecessarily occupy space in the database.

 

    The two most important cleanup activities are:
    • All generated profiles that are not assigned to any existing role are deleted, together with their user assignments.
    • Assignments between users and roles are deleted if either the user or the role does not exist.
  • Display Log
    • Unlike all other options, the logging option is set to active by default, so that you are able to quickly identify and correct any problems that occur when running the program. If you run the program in dialog, a log is only displayed if errors or warnings occur.

 

    The job log for background processing is more detailed. It contains not only error messages, but also success messages if the system was able to successfully compare roles. An additional status message after the completion of each comparison type indicates whether or not that part of the program was executed without errors. These messages are written to the job log even if the log output is inactive. They allow the calculation of the program runtime per comparison type.
  • Only in CUA child systems: Replicate Local HR Assignments in Central CUA
    Indirect role assignments from HR Organizational Management in the child system are copied to the CUA central system. They are only used for information purposes there, and do not lead to additional authorizations.

 

Share this content: