Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Security upgrade question

Hello there, we have just gone through some new installations and upgrades (support pack level.. etc.). We've encountered few problems after this, could anyone of you kindly advise.

After running the program PFCG_TIME_DEPENDENCY in SA38, we received the following warning messages:

"Authorisation profile for role SAP_XXXXX does not exist", and

"Role SAP_XXXXX does not contain a profile or authorisations"

When I further select the message, it navigates me to another message that says "Messages for SU22 and the Profile Generator".

I checked these roles (all are SAP standard roles) in PFCG, and those that do not contain authorisation profile is because the organizational level is not maintained.

Now my question is, do I need to separately go though all these hundreds of roles one by one to maintain the organizational level for them, or is there way to mass-maintain?

Or.. does this have anything to do with SAP_ALL profile regenerate, will that help?

Thank you for answering!

replied

> p/s besides, we've encountered another issue while running PFCG_TIME_DEPENDECY, I will post it out in a separate message.

Just a guess from me now: You are using composite roles which have the same single roles in them a multiple of times but with different validity dates? If so, the answer is PRGN_COMPRESS_TIMES.

(just a guess in the dark)

Cheers,

Julius

0 View this answer in context

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question