You can use this procedure to compare two user master records, roles (including composite roles), profiles, or authorizations in the same system or different systems in the User Information System. You define the name of the RFC destination with transaction SM59.
When comparing composite roles, you receive as the result a list of the single roles and then below this, a comparison of the authorization objects.
This example describes how you can compare two users (the procedure is the same for roles, profiles, or authorizations). The master records are resolved to authorization field level and compared.
The system displays the Comparisons screen, on which a comparison of the two users is displayed. This is divided into same values, different objects, same values, and different values. In the case of different objects, only the user for which an authorization object is displayed has the object. Different values means that although both users have authorizations for the same object, the values are different. Same values means that both the authorization object and the authorization values of the two users match.
The authorizations from different profiles were resolved, combined by objects and sorted by fields. This means that you have a compact comparison of the values for each field.Note that this display allows a quick comparison, but that the interaction of the fields within an authorization is of vital importance. In particular, it can be the case for the objects listed under "same values" that although two users have the same values for an object, they do not have the same authorizations´, as the field values are combined differently in different authorizations. You should therefore regard this comparison function only as a utility for finding differences and not for documenting equality.
For information about investigating the user master records of two users for an object at the authorization level, see the Users by complex selection criteria section of Determining Users with the Users Node.