on 01-06-2010 4:18 AM
Hi,
We are implementing security at my company for the first time. I have been asked to create new roles from scratch. I have been provided roles names and transaction codes to add to the roles. The functional people told me that i have to figure out what authorization objects i need to assign to the roles. How do i find out what authorization objects a role needs just by transaction codes given to me. I was told to use tcode: su24 and then enter the transaction code and execute to find out what authorization objects that tcode belongs to. This pulls up a lots of authorization objects for each tcode. What is the most efficient and correct way to find out what authorization objects i need to assign to a role with tcodes provided to me? Thanks!
These forums are not a substitute for basic training to do your job properly nor compensate for incomplete functional support.
Please read the forum rules at the top of the page before posting further.
Thread locked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Once you create role and add t-code to the role, authorization object automatically gets added to role. You need to fill in Authorization values to the role. If you want to know what authorization object you need to add to the role, you can use ST01(System Trace). Create a test user and set system trace on that user which will give you details of what authorization object is needed in the role.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
As already mentioend that you will get those autho. object by default.
What values need to be provided in those autho object you can check with your functional consultant.
Cheers
Deepanshu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
when you add transaction to role in PFCG then SAP automatically pulls all related authorization objects. The transaction SU24 is used to configure which authorization objects are relevant to which transactions. Only objects with value Yes in columns Proposal are pulled into PFCG. So you don't have to add all authorization objects to role manually. You just need to assign all required transactions to your roles.
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.