Skip to Content
avatar image
Former Member

SAP SECURITY

How to Check authorization setting in role Eg: FA_Admin and add a transaction to the roles defined with the same authorizations.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Dec 20, 2006 at 06:33 PM

    Hi,

    Use T-Code PFCG to chek the authorization and add T-Codes to the role.

    If you need more help or step by step let me know

    I will explain in detail.

    Cheers

    Soma

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      Please follow the below steps if you are not clear let me know I will explain to that context.

      1. To identify what objects are maintained

      Go to T-Code SU24.

      you will be prompted with screen

      . Maintain check indicators for transaction codes

      Define interval for tansaction code

      Transaction code YDAR

      execute (click on clock icon)

      next screen

      click on check indicator (view)

      You will be displayed with following details

      U N C CM Check ID Object Object name

      List out all the check/maintain objects

      STEP 2.

      Go to T-code PFCG enter the role Z:cs_dar_user

      Click on (display role button)

      You will be displayed with tabs (description, menu, workflow, authorizations, user....)

      Click on Authorizations tab

      Click on Display Authoirzation Data (button) whic is at bottm left

      Next you will be displayed with list of objects and objects class

      (If techinical names are off go to on the top menu (Utilities) click you will find option of techinical name on click on this)

      once the techinical names are on

      search for the objects which are found(listed) in the T-code SU24

      (to Search for the object (ctrl+F) or click on binocolor icon)

      Type each object and find the values (like Activity) make a note of it.

      Click on the back button or (F3) come out of the role

      STEP 3.

      To Add the T-code in new role (or which ever role you want to enter)

      Go to PFCG type the role Z:xxxxxxx click on the change buttone (Pencil icon button)

      You will be prompted with tabs ( description, menu, workflow, authorizations, user..)

      Click on Menu Tab

      You will find the Role menu tab

      if you have multiple (folders) under role menu choos the Folder in which you want to add T-code "ydar"

      Click on the Transaction button ➕ icon.

      You will prompted with blank pop up with Transaction code and text

      Just enter the T-Code in Transaction code block Ydar and click on Assign transactions (bottm left button)

      You can see the T-Code ydar in the list of menu (or) in the folder which have choosen

      NEXT

      Go to Authorization tab

      Click on Expert mode for Profile Generation (Bottom and last button)

      you will be prompted with pop up with three options

      choose 3rd option --- Read old status and merge with new data

      Again search for the objects and values which you have noted in

      If you have same values then just generate the role (shift+F5) or click on menu Authorization you will have drop down in that you will have option of generate.

      once generate go back (F3).

      By this you will have the T-Code ydar in the role.

      If you want to compare the two roles for its values go to SUIM then check for the two roles you can find differences if any.

      If you find any difference then follow the PFCG steps and modify accordingly.

      I hope this helps

      Cheers

      Soma