I have a strange request from the business. They want a report where they give a tcode or tcodes and the program will check which department has this/these and which users.
OK, I have found a couple of tables like AGR_TCODES (Assignment of roles to Tcodes), AGR_USERS (Assignment of roles to users) and USER_ADDR (Users by address data) to find what I want.
My question is: if a user has access to a tcode that it does not belong to one of his role, how can we catch this?
For example: I have access to VA03 but none of my roles is connected to this tcode.
Is there any way to catch this?
Finally with the help of Dirk Trilsbeek I found the solution to what I was looking for. Here is the selection:
SELECT DISTINCT a~von e~ttext d~department d~bname d~name_first
d~name_last d~name_textc c~profile
INTO CORRESPONDING FIELDS OF TABLE gt_tcode_per_dprtm_usr
FROM ust12 AS a
INNER JOIN ust10s AS b
ON a~auth = b~auth AND
a~objct = b~objct AND
a~aktps = b~aktps
INNER JOIN ust04 AS c
ON b~profn = c~profile
INNER JOIN user_addr AS d
ON c~bname = d~bname
INNER JOIN tstct AS e
ON e~tcode = a~von
WHERE a~objct = 'S_TCODE' AND
a~von IN so_tcode AND
e~sprsl = 'G'.
I want to thank all of you for your answers.