It is important to realize that the CUA environment uses a different set of BAPIs. The rest is easy. If it helped, leave a comment ;-)
FUNCTION /yournamespace/fm_add_role.
*"----------------------------------------------------------------------
*"*"Local Interface:
*" IMPORTING
*" REFERENCE(IV_USER) TYPE XUBNAME
*" REFERENCE(IV_ROLE) TYPE AGR_NAME
*" REFERENCE(IV_UNTIL_DATE) TYPE SUID_CHANGE_TO_DAT
*" REFERENCE(IV_SUBSYSTEM) TYPE RFCRCVSYS
*" EXPORTING
*" REFERENCE(ES_RESULT) TYPE BAPIRET2
*"----------------------------------------------------------------------
DATA:
lt_result TYPE STANDARD TABLE OF bapiret2,
lt_role TYPE STANDARD TABLE OF bapilocagr,
ls_role LIKE LINE OF lt_role.
FIELD-SYMBOLS:
<fs_result> LIKE LINE OF lt_result.
* Authorization check - up to you
* Get all current role assignments
CALL FUNCTION 'BAPI_USER_LOCACTGROUPS_READ'
EXPORTING
username = iv_user
* with_text =
TABLES
activitygroups = lt_role
return = lt_result.
IF lt_result IS NOT INITIAL.
LOOP AT lt_result ASSIGNING <fs_result>.
IF <fs_result>-type EQ 'E'.
es_result = <fs_result>.
RETURN.
ENDIF.
ENDLOOP.
ENDIF.
* Remove all previous role assignments - remove duplicities
DELETE lt_role WHERE ( agr_name = iv_role ) AND ( subsystem = iv_subsystem ).
* Add a new role and assign all back
ls_role-agr_name = iv_role.
ls_role-from_dat = sy-datum.
ls_role-to_dat = iv_until_date.
ls_role-subsystem = iv_subsystem.
APPEND ls_role TO lt_role.
* Assign roles on CUA system
CLEAR lt_result.
CALL FUNCTION 'BAPI_USER_LOCACTGROUPS_ASSIGN'
EXPORTING
username = iv_user
no_db_update = ' '
incl_hr_assign = ' '
distribute_change_only = ' '
TABLES
activitygroups = lt_role
return = lt_result.
IF lt_result IS NOT INITIAL.
LOOP AT lt_result ASSIGNING <fs_result>.
IF <fs_result>-type EQ 'E'.
es_result = <fs_result>.
RETURN.
ENDIF.
ENDLOOP.
ENDIF.
*-----------------------------------------------------------------------
* CODING FOR LOCAL SYSTEM ONLY (NON CUA) - modified example from
* https://www.youtube.com/watch?v=F38NHpOPq-Q&ab_channel=Cust%26CodeinSAPABAP*-----------------------------------------------------------------------
* DATA:
* lt_result TYPE STANDARD TABLE OF bapiret2,
* lt_role TYPE STANDARD TABLE OF bapiagr,
* ls_role LIKE LINE OF lt_role.
*
** Get current user roles
* CALL FUNCTION 'SUSR_USER_AGR_ACTIVITYGR_GET'
* EXPORTING
* user_name = iv_user
** WITH_TEXT = ' '
* TABLES
* user_activitygroups = lt_role
* EXCEPTIONS
* user_name_not_exist = 1
* OTHERS = 2.
* IF sy-subrc <> 0.
* MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
* DISPLAY LIKE sy-msgty
* WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
* RETURN.
* ENDIF.
*
** Remove all previous role assignments - remove duplicities
* DELETE lt_role WHERE agr_name = iv_role.
*
** Add a new role and assign all back
* ls_role-agr_name = iv_role.
* ls_role-from_dat = sy-datum.
* ls_role-to_dat = iv_until_date.
*
* CLEAR lt_result.
* CALL FUNCTION 'BAPI_USER_ACTGROUPS_ASSIGN'
* EXPORTING
* username = iv_user
* TABLES
* activitygroups = lt_role
* return = lt_result.
*
ENDFUNCTION.
