Manual authorization in PFCG
A guy in my company says that in PFCG it is not recommended to add an authorization manually to the profile. So, for any authorization object we want to add to a role, it is first necessary to change the proposal field to YES in SU24 (check maintain flag). With no exceptions. Even if the object is not checked in the main part of the transaction, or if we want to add it to only one role among many that have this transaction (making it necessary to inactivate it in the others).
Does anyone here adopt this policy or agree with him?
Julius von dem Bussche replied
Generally I agree with him and this is the intended way of using PFCG.
> With no exceptions.
That is probably too strict, because there are different system types (e.g. BW) and ways of building special roles (e.g. RFC - certainly in earlier releases).
But you should be able to cover 90% of the use cases with SU24 tweaked to meet your needs.
> Does anyone here adopt this policy or agree with him?
I was on a BI course in Walldorf a few months back. The course presenter was building profiles with SU02 and changing authorizations with SU03.
I asked why he was not using PFCG, and he said something like: "Yes, you can do it that way as well".