Beruflich Dokumente
Kultur Dokumente
Step 1
You should note that the roles supplied by SAP begin with the prefix "SAP_". If you are creating
Step 2
On the next screen, describe the functions that the role is to include.
Step 3
The menu options selected in this step are displayed in the Session Manager and on the "SAP
Easy
Access" logon screen as the User menu for all users who are assigned to the role.
Step 4
Depending on the transactions you have chosen, the system may display a dialog box that asks you
to maintain the organizational levels. These are authorization fields that occur in several
authorizations at the same time and that can be maintained together, An example is the company
code, which occurs in several authorization objects. When you assign values to the organizational
levels, you maintain the authorization fields for all authorizations in the tree display that is displayed
The system displays a tree display for all authorizations that are proposed by SAP for the chosen
transactions. The authorizations already have some values.
- Yellow traffic light icons in the tree display indicate that you need to manually postprocess
authorization values. You enter these values by clicking a white line next to the name of the
authorization field. Once you have maintained the values, the authorizations are regarded as
having been manually modified. They are not overwritten if you include additional transactions
and reprocess the authorizations. By clicking the traffic light icon, you can assign full
- Red traffic light icons indicate that there are organizational levels that do not yet have values.
- If you want additional functions in the tree display, such as to copy or summarize
authorizations, choose Utilities -> Settings and select the appropriate option.
- Enter a name for the authorization profile in the next dialog box, or use the valid name in the
- If you change the menu selection and call up the menu display for the authorizations again, the
system tries to mix the authorizations for the newly added transactions with the existing
authorizations. This may mean that the traffic light icons turn yellow, as new incomplete
authorizations appear in the tree display. You need to either manually assign values to these, or
delete them.
- You can delete an authorization by first deactivating it and then deleting it.
- General authorizations such as spool display and print are not usually stored with transactions.
For this purpose, you can add authorization templates to the existing data. To do this, choose
Edit -> Insert authorizations -> From template... and choose one of the templates (for
authorization). Alternatively, you can create a separate role for these general authorizations
ep 5
- Otherwise, the generated authorization profiles are automatically entered in the user master
records when you perform the User master record comparison . To do this, choose
Compare users on the Users tab page and choose Full comparison.
- If you do not restrict the period of the assignments and use the default period (current date to
12.31.9999), no further action is necessary. If you make any other time restrictions, you need
updates the user master records. You must also schedule this report if you are using
Organization Management.
Caution
Never enter the generated authorization profiles directly in the user master records, as is the case
with authorization profiles that are created manually. You can only link generated profiles and users
by assigning the corresponding role to the users, and then performing a user master record
comparison. During the comparison of the user master records, the profiles for the role are entered
Step 6
To transport the role to another system, you must enter the role in a transport request.
- To do this choose Role -> Transport. You can now specify whether or not the user
- The authorization profiles are transported unless you have explicitly specified that you do not
- After the import into the target system, you have to perform a complete user master
comparison again for hte imported roles. You can start this comparison manually or use report
See also: