Beruflich Dokumente
Kultur Dokumente
Suppose Role A has authorization for t-code MM01, and the role is assigned to use ABC, It means the user is
able to use the t-code MM01.
What is a Profile?
A profile is the element in the authorization system. Its allow an user to access the system.
For authorization check, The system checks on the particular profile which is assigned to user for the proper
authorization.
Create Role
T-code = PFCG
If you have a old role and you want to copy as a new role, then you can choose the option copy as…
Enter the old role in Role field then press copy as…
Give the new name in to Role and press “Copy all”, your new role will be copied. Then you can change the role
as you wish.
If you want to create a new one then just enter the name in Role and then press “Single Role”
1
The initial creation for the particular role will come.
We have to maintain The Menu, Authorization and User (If you want to maintain workflow, then you can
maintain).
Click on the Menu tab.
In this tab we will enter the t-codes which we want to give authorization to an user.
There are many option to insert t-code
Its used to enter a single t-code. Suppose you want to give the authorization for MM01 only,
then you have to click on transaction, and give the t-code MM01.
2
Its used to enter a whole menu area. Suppose you want to give the authorization for
all Inventory management’s T-codes , then click From SAP Menu and Select the Inventory Management option.
Lets give the authorization of all inventory management option, It means the use can do these all things which is
in under inventory management tab in main menu.
As we can see the Menu tab’s colour is Green. It means we have successfully assign the t-codes to this
particular user.
3
Here you have use a profile name for this role.
You can use the profile name as you wish or you can select Propose profile name to click the option
If you click the option, then system will propose you a 10 digit profile name and profile text (You can change the
profile text) , you can continue with system proposed profile name or you can give as yours.
Then you gave generate the profile. Select the last option “Expert Mode for Profile Generation”
4
You have to give the authorization for required data for inventory management.
Suppose you give company code X in this field, Then the user will only can do a entry for company code X. It is
for the all field which is shown in above figure.
5
Now press the User tab
Here just give the user id in the field “user ID”, to whom you want to give the authorization.
You can restrict the role and profile with validity period.
Now after giving the user name, press and then in the next screen,
press
Save your data, You can see a success message
It means the profile and role is successfully assigned to this particular user.
Now we can see the User option is also in green colour mode. It means we have successfully done this tab.
6
When the user trying to enter t-code under inventory management, the user can do the all. But whenever he will
try to enter t-code under purchasing and all (without inventory management), he will get a
message
If any authorization missing in inventory management, then we can also add the activity to the user. Its is clearly
discuss on this document
MM Related Authorization Objects – How to Find out & Assig,
If we want to restrict the storage location and G/L account, then we have to assign the storage location and G/L
in Role and we have to activate “Authorization Check for Storage Locations”
Go to OLMB-Authorization Management-Authorization Check for Storage Locations and Authorization Check for
G/L Accounts.
Tick for the storage location which you want check the authorization for user.
Tick for the company code which you want to check for the authorization.