11-27-2008 10:58 AM
Hi
i want to know the full relationship between creation of roles , authorization objects ,authorizations in web as abap
Please explain the process in detail the use of PFCG and all its options and how to create Z roles
11-27-2008 11:00 AM
11-27-2008 11:02 AM
11-27-2008 11:38 AM
> how can i get it ?
Go to your SAP education website and see when it is scheduled. It's a three day course.
>do you have any documentation for it
Nope. Course materials are copyrighted. Asking for it is already against the forum rules.
11-27-2008 11:40 AM
11-27-2008 11:43 AM
>
> Hi
> I meant do you have any similar docuemntation on this
No, sorry, I'm always glad to help people with specific problems but teaching freshers is something I do not do for free. Please take the course at your nearest SAP training center.
[SAP ADM940 information|http://www.sap.com/services/education/catalog/netweaver/course.epx?context=%5b%5b%7cADM940%7c%7c%7c052%7cG%5d%5d%7c]
11-27-2008 11:55 AM
11-27-2008 12:47 PM
Hi Biswajit,
As Jurjen suggested to ask for such an document is against the forum rules. But, I would not want you to feel unhappy, hence I shall give you a brief step by step procedure for creating a single role.
1) Go to PFCG in the role name give any name say Z_BUYER and give a short description, chose create
2) Go to the menu tab, system will prompt you save first, do it.
3) click on transactions button and add the tcodes you wish to assign, say ME21N in this case
4) Go to authorizations tab, system will again ask you to save, do it.
5) Click on change button (pencil)
6) system will pop up the org levels window, you can enter the org levels here
7) If step 6 is done you will have auth objects which are either green or yellow else, you may also have red traffic lights for missing org level objects
😎 expand objects in each class and fill in the required values
9) once all objects are green you can save, system will prompt you to name a profile and may also suggest a default profile name
10) accept it and and then click on generate (red and white wheel)
11) step 10 generates teh profile and activates the authorizations in the profile
12) Click on back and assign a user name in the user tab and click in user comparison, this step will provide the neccessary authorizations to the user.(if the role is already assigned to teh user and you are just making changes in teh authorizations then user comparison is not required. simple generation of profile will be sufficient)
Rest is for you to explore and learn...All the best
11-27-2008 11:07 AM
Although, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
- Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
- The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
For e.g. If a user wants to create a PO we can restrict him on:
u2022 Activity : Create/Change/Display
u2022 Org elements like Company Code, Plant, Purchase Organization etc
u2022 Document type etc.
- Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
- Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
- An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
- Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
- Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM
11-27-2008 11:23 AM
Hi
Thanks for the brief introduction.But a step by step guide would be really helpful
Thanks
11-27-2008 4:33 PM
Hi Biswajit Chatterjee,
We have had many such answers and there is a lot of information available which you can easily find with a simple search on help.sap.com, without having to fill the forums with duplicates of it.
Please put in a bit more effort with the search before asking questions.
I will assume this one closed now.
Thanks,
Julius