Hi SCN Friends, good afternoon:

Recently, I have started to work with the roles needed by users, so they can access Process Control and It's resources.

I Used as Base the SAP Security Guide for GRC and the SAP NOTE 1572360.

I think I understood the Second level authorization concept (GRFN_USER overwrite GRFN_API and must be set up with ACTVT 16, so GRFN_API will start to control the user access.) I created some roles and i'm pretty sure that what i have done in the roles is alright.

Then I went to SPRO, activated the second level authorization, and filled out the roles assigning it to the CORPORATE level (that i believe to be the Higher and Wider level), even not knowing clearly what I was doing.

Regarding to the SAP NOTE, I understood that this should be enough to restrict the user access. However, after performing these steps, user can only view the tabs and some menus, but all the rest is not displayed.

Did I miss something? What can I been doing wrong? It's necessary to fill some form in the front end?

Notes: I already applied the SAP Note 1681453

Best Regards:

Caio Calisto