cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to know which authorization object to assign

Former Member

on ‎01-06-2010 4:18 AM

0 Kudos

Hi,

We are implementing security at my company for the first time. I have been asked to create new roles from scratch. I have been provided roles names and transaction codes to add to the roles. The functional people told me that i have to figure out what authorization objects i need to assign to the roles. How do i find out what authorization objects a role needs just by transaction codes given to me. I was told to use tcode: su24 and then enter the transaction code and execute to find out what authorization objects that tcode belongs to. This pulls up a lots of authorization objects for each tcode. What is the most efficient and correct way to find out what authorization objects i need to assign to a role with tcodes provided to me? Thanks!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎01-06-2010 8:08 AM
0 Kudos

These forums are not a substitute for basic training to do your job properly nor compensate for incomplete functional support.

Please read the forum rules at the top of the page before posting further.

Thread locked.

Show replies
Show replies
Former Member
‎01-06-2010 7:49 AM
0 Kudos

Hi,

Once you create role and add t-code to the role, authorization object automatically gets added to role. You need to fill in Authorization values to the role. If you want to know what authorization object you need to add to the role, you can use ST01(System Trace). Create a test user and set system trace on that user which will give you details of what authorization object is needed in the role.

Show replies
Show replies
Former Member
‎01-06-2010 7:08 AM
0 Kudos

Hi,

As already mentioend that you will get those autho. object by default.

What values need to be provided in those autho object you can check with your functional consultant.

Cheers

Deepanshu

Show replies
Show replies
martin_voros
Active Contributor
‎01-06-2010 5:50 AM
0 Kudos

Hi,

when you add transaction to role in PFCG then SAP automatically pulls all related authorization objects. The transaction SU24 is used to configure which authorization objects are relevant to which transactions. Only objects with value Yes in columns Proposal are pulled into PFCG. So you don't have to add all authorization objects to role manually. You just need to assign all required transactions to your roles.

Cheers

Show replies
Show replies
Ask a Question