Show TOC

 Comparing Cross-System Users, Authorizations, Roles, and Profiles (RSUSR050)Locate this document in the navigation structure

Use

You can use this procedure to compare two user master records, roles (including composite roles), profiles, or authorizations in the same system or different systems in the User Information System. You define the name of the RFC destination with transaction SM59.

When comparing composite roles, you receive as the result a list of the single roles and then below this, a comparison of the authorization objects.

This example describes how you can compare two users (the procedure is the same for roles, profiles, or authorizations). The master records are resolved to authorization field level and compared.

Procedure
  1. 1.      Start the user information system (transaction SUIM).
  2. 2.      Expand the Comparisons node.
  3. 3.      Choose the Execute function in the From Users line.
  4. 4.      In the User A and User B fields, enter the names of the users to be compared.
  5. 5.      To compare users in different systems, choose the Across Systems button.
    • ¡        To compare a user of the current system with a user from another system, enter the user name for user A and the RFC destination and the user name for user B. You can use the input help to select from the available RFC destinations.
    • ¡        To compare a user from another system A with a user from a further system B from the current system, enter the RFC destinations of these systems in the fields RFC Destination for System A and RFC Destination for System B.
  6. 6.      Choose Execute.

    The system displays the Comparisons  screen, on which a comparison of the two users is displayed. This is divided into same values, different objects, same values, and different values. In the case of different objects, only the user for which an authorization object is displayed has the object. Different values means that although both users have authorizations for the same object, the values are different. Same values means that both the authorization object and the authorization values of the two users match.

    • ¡        To display documentation for an authorization object, select the object and choose Documentation.
    • ¡        To display a sorted comparison of the values by authorization fields, select the relevant line and choose Select.
Result

The authorizations from different profiles were resolved, combined by objects and sorted by fields. This means that you have a compact comparison of the values for each field.Note that this display allows a quick comparison, but that the interaction of the fields within an authorization is of vital importance. In particular, it can be the case for the objects listed under "same values" that although two users have the same values for an object, they do not have the same authorizations´, as the field values are combined differently in different authorizations. You should therefore regard this comparison function only as a utility for finding differences and not for documenting equality.

For information about investigating the user master records of two users for an object at the authorization level, see the Users by complex selection criteria section of Determining Users with the Users Node.