I have roles created for various jobs within our organization and use derived roles to limit transactions to a particular site. Each role has a mix of standard and custom tcodes. I have a user trying to launch a particular custom tcode and gets an error. When evaluating SU53, it shows the missing authorization is PFCG which the user does not and will not have. How is PFCG being associated with this code? Where else can I look to troubleshoot.