Dear Livingston,

The logic behind the traffic signals in the Change Authorization Data page is not as explained prior.

The simple explanations are provided in the help legend in the same page.

To further elaborate, when you are creating a role with a set of transactions being added to the role from the SAP Menu in the Menu tab of PFCG, SAP organizes the set of Authorization Objects and the Authorization Values as pre-defined for the transactions that is added.

If certain transactions are left with open fields in the SAP definition these fields appear unmaintained in the Change Authorization Data page. It is the responsibility of the BASIS Consultant of the Security Consultant to fill the unmaintained fields, not just by making them red to green or yellow to green by clicking on the buttons but by finding the correct values that needs to be assigned as authorizations to the role in turn to the user.

For example, if you have added a functional transaction to a role - a set of authorization objects depending on the dependency of the transaction are added to the role. The organizational levels which are the base of the functional working of the business in SAP are added without the specific value for the organizational value being added, as a BASIS consultant we need to analyze the role with the help of the corresponding functional consultant to identify the activity of the role and assign only the needed Organization Values. This is the situation in which you find the Authorization fields to be in RED color.

Similar to the above mentioned case when an authorization object field is not completed with an activity for example Read, Write, Display etc access - you find the field to be Yellow when you assign a particular activity to the field the same turns to maintained level and the representation is shown green.

The objects which are by default maintained is shown green, to generate a role completely and to effectively use the authorizations assigned we need to completely maintain the role, i.e all the fields needs to be maintained.

By simply changing the status of the field from red to green or yellow to green you are giving complete authorizations to the corresponding activity - which is not recommended in certain categories.

Hope the explanation is clear - let me know your response.

Thank you

Regards,

Vineeth

Hi,

In PFCG, after assigning the Authorizations to the role, if the object is yellow, then click on the last dot of tat array wer u c the traffic lite to make it green. This means nothing but the authorization object is acitvated. Once done, you need to "Save and Generate" for the authorization object to display green.

If its red, then try activating it as mentioned. If it does not get activated, then there lies an issue with the object.

Do not forget to goto User tab and assign the user to this role. Once done, perform User comparison to make it completly green.

Changing the object from red->yellow-> green lies in your hand. Activating it completly makes it green. I hope I have answered your Q just enough.

Rgds,

Soujanya