
LSMW – Mass User Creation

LSMW stands for Legacy System Migration Workbench. It was originally supplied by SAP as a tool for migrating data from a legacy system to SAP. However, as we will see in this article, it can be used to upload almost any data into SAP. In the present case, we will create an LSMW script to create a batch of user IDs, a common job for any security administrator. Since LSMW is based on SAP BDC (batch data communication) sessions, we first create a recording that stores the entire sequence of actions involved in creating a user, then read the user data for a set of users from a data file, and use that data to create a session for user creation. In the final step we run the session to actually create the users. Though I have taken the example of user creation, by no means should it be assumed that this is the only application of LSMW in security. As long as you can create a recording for a sequence of repetitive actions, LSMW can step in and lighten your load.

To start LSMW we use the transaction “lsmw”. We start by creating a project, subproject and object as shown below.

lsmw - create project

Once the project is created we are greeted with the LSMW main screen showing the set of actions needed to create the complete script. Depending on the nature of the script and the data, all or some of these options need to be updated.

lsmw - main screen

Step 1 – We start by maintaining the object attributes. The most important attribute which needs to be specified is the name of the recording which will be used to create the BDC session. A recording is basically a set of actions that the script will replicate during execution. We can create a recording by following the menu options in the same screen. In the present case, we create a recording for the SU01 transaction and fill in the various input fields needed to create a user.

lsmw - maintain object attributes

Step 2 – We create a source structure to store the data needed for the script. This will store the user attributes needed by the script.

lsmw - display source structure

Step 3 – Next we maintain the data fields in the source structure. In the present case, I have only used the data fields system id, last name, first name, department, email, user group and password. Nothing is really stopping you from using more or fewer fields. Note that unless all users use the same roles, it would be difficult to incorporate role addition into the same script.

lsmw - source fields

Step 4 – Next we maintain the structure relations. Since we defined only one structure in our script, we accept the default values suggested and click save. This single data structure is used as the data source for the recording that is used to create each user.

lsmw - maintain structure

Step 4: Maintain field mapping between the data structure and the fields used in the recording.

lsmw - map structure fields

Step 5: In the next screen we can define our own fixed values, translations or routines to be used in the script. In the present script, these options are left unused.

lsmw - conversion routines

Step 6: In the next screen we define the path and format of the input files which store the legacy data to be loaded by the script. We have used a CSV file on the local machine as our data source.

lsmw - specify input files

Step 7: Next we assign the data from the file to the structures used in the script. The present script uses a single file and a single data structure, so we just accept the default values suggested.

lsmw - assign files

Step 8: Next we import the data from the source file.

lsmw - import data from file

Step 9: On clicking execute we get the next screen displaying details about the data read. The input file in our case had 33 records for creation of 33 users.

lsmw - show details for import data

Step 10: We can display the read data to verify that input data has been correctly imported into the script.

lsmw - display imported data

Step 11: The next 2 steps convert the imported data and display the converted data for verification. Since we use the imported data without change, these options remain unused for our script. Finally we generate the BDC session from our recording and the imported data from the source file. Once the BDC session has been successfully generated, we use the last screen option in LSMW or transaction SM35 to execute the session. If the recording is without errors and the data is correct, executing the session will create the 33 users whose attributes were originally provided in the source file.

lsmw - generate BDC session
lsmw - generate BDC session
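
The source file read in Steps 6 to 10 carries one initial password per user, so it is worth building and checking it before the import. The following is an added example, not part of the original article: a Python sketch that writes the CSV in the field order of Step 3 with a unique random initial password per row and rejects rows that would create duplicate or malformed users. The column names, the sample rows and the 14-character password policy are assumptions.

```python
import csv, io, re, secrets, string

# Column order follows Step 3; the header names themselves are assumed.
FIELDS = ["SYSTEM_ID", "LAST_NAME", "FIRST_NAME", "DEPARTMENT", "EMAIL", "USER_GROUP", "PASSWORD"]
MAX_USER_ID_LEN = 12  # SAP user names are limited to 12 characters
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, "!#$%*+-"]  # assumed policy

def initial_password(length=14):
    """Random initial password containing at least one character from each class."""
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def validate(rows):
    """Return (row_number, message) for every problem found in the upload rows."""
    problems, seen_ids, seen_pw = [], set(), set()
    for n, row in enumerate(rows, start=1):
        if len(row) != len(FIELDS):
            problems.append((n, "wrong field count"))
            continue
        rec = dict(zip(FIELDS, (v.strip() for v in row)))
        uid = rec["SYSTEM_ID"].upper()  # user names are case-insensitive
        if not uid or len(uid) > MAX_USER_ID_LEN:
            problems.append((n, "user id empty or longer than 12 characters"))
        if uid in seen_ids:
            problems.append((n, "duplicate user id"))
        if not EMAIL_RE.match(rec["EMAIL"]):
            problems.append((n, "malformed email"))
        if not rec["PASSWORD"] or rec["PASSWORD"] in seen_pw:
            problems.append((n, "password empty or shared with another row"))
        seen_ids.add(uid)
        seen_pw.add(rec["PASSWORD"])
    return problems

def build_upload(users):
    """users: 6-field rows without a password; returns CSV text with one unique password per row."""
    rows = [list(u) + [initial_password()] for u in users]
    problems = validate(rows)
    if problems:
        raise ValueError(problems)
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue()

# Constructed sample rows (not real users).
SAMPLE = [("JDOE", "Doe", "Jane", "Finance", "jane.doe@example.com", "FIN"),
          ("RROE", "Roe", "Richard", "IT", "richard.roe@example.com", "BASIS")]
```

The resulting file holds the initial passwords in clear text, so restrict access to it and delete it once the session has run.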

LSMW is very similar to creating a recording through transaction SHDB, generating an ABAP report for the recording and modifying the generated code to read a source file and use the data to generate a BDC session. A seasoned ABAP developer might prefer this method, as custom code provides a greater degree of flexibility to answer complicated user requirements. However, custom code invariably results in greater maintenance and testing effort. So which method you end up following will probably depend on your own special requirements.

37 thoughts on “LSMW – Mass User Creation”

  • BlackPro

    Can you create a youtube video of this process.
    I find it fascinating, well done, excellent explanation.
    Excellent website.
    Splendid it’s kept me up all night.
    Keep up the good work.

    Reply
    • Aninda

      Hi BlackPro,

      Glad that you like the post. I will keep the idea about a youtube video in mind but I cannot see it happening in the next few weeks. One of my intentions in starting this blog was to create a unified resource which lists out the possibilities in SAP security. I am not really trying to create a how-to guide. Why don’t you play around with LSMW yourself a little bit? Believe me, that’s going to be more helpful in the long run than a ready-made video.

      Regards,
      Aninda

      Reply
  • SriRam

    Hi Aninda,

    Oh my God! what an explanation…….

    I have just found your website while I was searching for some topic.
    I really appreciate your hard work and determination in understanding security
    concepts broadly and in depth.

    This is the best website that I have ever seen and I have become a fan of you.

    Reply
  • hi,

    Awesome explanation. Thanks mate

    Reply
  • Hi

    That was a good explanation. I just meandered into your site and find it quite interesting.

    Can you create a video of lsmw on Master data creation FS00 and upload it? That will be quite useful. I somehow find it quite difficult though I am okay with XKO1 and other functions.

    Reply
    • Sorry, but I am not familiar with the transaction you listed. Since you already use LSMW, you would also know that the key differentiator between two lsmw scripts is the recording itself. It’s also a sad fact that not all transactions/actions are suitable for recording. Guess we have to live with whatever we have got:-)

      Reply
  • Aditi Shah

    Hi Aninda,

    What a wonderful site you have created!!!

    I was actually looking out for a 1Stop guide to learn SAP Security. Once I browsed through this site of yours I was sure this is the place, and it is.

    Thanks a lot. This is going to help me a lot.

    Reply
  • It’s super… but I am new to this, so tell me, which format is used for uploading the file? Can you show me a snapshot of the upload file format?

    Thanks & Regards,
    Satish

    Reply
    • Hi Satish,

      The file format will differ depending on the parameters you are using in your LSMW script. In the “Specify Files” screen you get an option to specify the file that you are going to use for your load. I use a Comma Separated Variable (.csv) file. To get a .csv file you basically prepare your data in Excel and save the file as .csv instead of .xls. Hope this helps!

      Regards,
      Aninda

      Reply
  • I am an LSMW user and have 17 programs developed by my IT team. I support Master Data. But I am concerned that I cannot change the file name in the specify file step. Will SAP allow that single step to be maintained by the user without opening the other ‘Maintain’ steps?
    Thanks,
    Cathy

    Reply
    • Just changing the file name will not work. You will at least need to re-execute the rest of the steps (here I am talking about the steps that occur after specifying the file name) as new data from the new file needs to be read and then converted before being used in the script.

      Reply
  • Cynthia

    Hi,
    I am having a problem trying to use LSMW to record infotype 0585 – this infotype contains a list table within the screen.
    Whenever I execute the script, the last row in the list table is not captured (I get a message that it is not found in the screen). Is there a way to overcome this?

    Thanks++

    Reply
    • Aninda

      Hi Cynthia,

      Using LSMW to populate a table is always tricky as the system doesn’t know where in the table the new values are to be inserted. Though I am not familiar with this infotype, I would suspect that a similar situation might have occurred. I am not guaranteeing that you will be able to successfully update it using LSMW. You can try re-recording the script once again and check that you can actually update the infotype correctly the first time.

      Regards,
      Aninda

      Reply
  • Truly explained in a very nice manner Aninda !!! Your dedication is totally appreciated !!!

    Reply
    • Thanks. You sound like my fifth grade teacher:-)

      Reply
  • Hi Aninda,
    Your explanation is very good so I appreciate you, because it’s very helpful to security people. I am newly searching for a job so I have one silly doubt, but please explain. My question is: how to assign different users and different roles?

    Thank You
    Naveen

    Reply
    • Hi Naveen,

      If I read this correctly, you are actually trying to assign different roles to different users in mass? There is no tcode to do this. SU10 will add the same roles to multiple users. If you are familiar with ABAP, you can actually create a custom program with the standard BAPIs that SAP provides for user administration. I get around the problem by creating a SECATT script which adds a single role to a single user. If you run this for a list of users and roles you end up with solving your requirement. But even this is not a very efficient solution.

      Regards,
      Aninda

      Reply
  • Hi Aninda,
    When I am recording su01 for ZUSRCREATE, I am not able to get PASSWORD field in it so I am not able to map it with PASWORD field in USRDATA. Please help.
    Thanks,
    Shweta

    Reply
    • I think there is a problem in your recording. Otherwise it should have been available. Try re-recording and try resetting the password during the recording session. This will ensure that the screen is captured.

      Reply
  • srinivas

    Hi,

    I created an LSMW for user creation. It is creating the user but not assigning Role and user group. But while recording, values are populated.

    Even if I hard code the user group, that value is not populating for the user.

    Reply
    • Aninda

      Keep trying. A single LSMW script to create users and assign them roles will be tricky to create. I would suggest to split into two separate scripts.

      Reply
  • Simhadri

    Hi Aninda,

    Thanks for sharing this information… Can you please provide me the LSMW script for massive role validity changes?

    Thank you
    Simhadri

    Reply
    • Hi Simhadri,

      The post explains the steps for creating a LSMW screen. After that you are unfortunately on your own.

      Regards,
      Aninda

      Reply
  • Kundan Kumar

    Thanks for the blog.. It’s really helpful… 🙂

    Reply
  • Siddharth K

    Hey Aninda…

    Great work !! .. Thanks for the posts…

    Respect

    Reply
  • Mallikarjuna

    Really good… 🙂
    who are looking help for SAP Security…….

    Reply
  • bhargav

    Hi Aninda,

    Thanks for your useful info, if possible share me some info on personalization tab in su01 and why this tab is mainly used.

    Regards,
    Bhargav

    Reply
  • Hi Aninda,

    Excellent instructions on using the LSMW tcode. I was able to figure out how to create Object Attributes, Source Structures, Source Fields (perhaps this is where my issue resides), Structure Relations, but have had a hard time getting beyond this step of recording the LSMW to update 1 field within User Master Records.

    Can you tell me how to create Source Fields and Maintain the Field Mappings?

    Reply
  • Rajendra

    Hi Aninda,

    Your mode of describing was excellent. I was facing an issue while uploading the data.
    When I run the batch input session in the last step, it takes me to the screen to create the data which I am uploading. The first screen is fine; coming to the second tab, i.e. the logon data tab, the fields are mismatching. Can you please suggest something?
    Thanks in advance.

    Regards,
    Rajendra

    Reply
    • Aninda

      The field mapping (the data uploaded to the fields used in the script) is controlled by how you map them in the initial steps of the LSMW script creation.

      Reply
  • Rajendra

    Hi Aninda,

    Thank you .
    It is cleared.

    Regards,
    Rajendra

    Reply
  • Hi Aninda,

    I tried uploading the data as per the steps mentioned by you. I tested with 2 user records.
    In step 9 it shows me 2 written entries but when I check in SU01 I don’t find either of the two entries.
    Can you please suggest where I might have gone wrong.
    Need your help.

    Thanks
    Umesh

    Reply
    • Aninda

      Difficult for anyone to troubleshoot without actually looking at the script. My suggestion would be check the recording and also how the read data is being mapped to the screen fields in the recording. Thanks.

      Reply
  • sheenam

    Aninda,
    I am using LSMW script to create user and assign roles. Somehow, recording working fine for user creation, except assign role. Role assignment fields are not getting captured in the recording. Any idea why so?

    Reply
    • Aninda

      Nope. I believe you need to revisit the recording or to check how the input fields are being mapped to the fields captured during recording. I would have serious doubts if role assignments for any number of roles can be done in the same script as creating a user.

      Reply
  • hari

    Hi

    Your way of explanation is very helpful & it is very easy to understand.

    Sorry, I am deviating from this topic. Please can you start some basics regarding SAP-BI security? It would be very helpful.

    Thanks
    Hari

    Reply
