
How do we set the Authorizations in Role Creation?


I am new to Security and in need of help!

I have this scenario and need your expert ideas and guidance.

1) Initial requirement: (Solved)

  • Please create a user administration role.
    Users having this role should not be able to add roles to a user.

So far, I have created a single role "ZES_VAL_USER_ADMIN" using the TCD PFCG.

To this role, I have assigned the transaction SU01 - MAINTAIN USERS. With this role assigned, users could access SU01 but were not able to add roles to a user.

2) New Requirement:

Now, I need to modify the authorizations of this role "ZES_VAL_USER_ADMIN" and generate the profile, so that the users should now be able to assign roles to users.

I tried giving the S_USER_GRP Activities with the "create and assign" options, but still, the users with this role are not able to assign roles in SU01.

Please see the attached snapshots.

Error Message:

Please help!

Thanks in advance,


Former Member replied

Hi Mitchel,

When you see the error screen "you are not authorized to assign role", straight away run the tcode SU53 (you should assign SU53 to that user) and look at the output screen, which tells you about the missing authorization. The main purpose of SU53 is to find the last missing authorization for a user.

If SU53 still can't provide you with the solution, activate the authorization trace in ST01 for that particular user and look at the result log. Deactivate the trace as soon as you find the cause of the missing authorization. Keeping the trace activated leads to the disk filling up.

Please go through this page to understand how to activate the authorization check using ST01.


