Scribd
Upload
18 views26 pages

Gu_sap s4 Hana_creating Roles

Uploaded by

vahaho8305
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views26 pages

Gu_sap s4 Hana_creating Roles

Uploaded by

vahaho8305
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

MICKAEL QUESNOT ©

Creating Roles (PFCG) in SAP S/4 HANA On premise

Roles enable you to define user menus and authorizations for users in your system.

Procedure

1. Start Role Maintenance (transaction PFCG) and enter a name for the role.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

1|P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

2|P a g e
MICKAEL QUESNOT ©

Tip

Do not enter a name that begins with a namespace prefix or the prefix SAP.

2. Choose Single Role.

3. Enter a text to describe the function of the role.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

3|P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

4|P a g e
MICKAEL QUESNOT ©

4. On the Menu tab, assign transactions, reports, programs, Internet links, and intranet links to the
role.

The activities in the role menu structure are used by the system to create the authorizations
automatically.

The following table lists some of the ways to create user menus.

Table 1: Functions for Creating User Menus

Function Description

From the SAP Copy menu structures from the SAP menu into the user menu by selecting
Menu checkboxes. Expand the menu branch to put lower-level nodes or individual
transactions and programs in the user menu.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

5|P a g e
MICKAEL QUESNOT ©

Table 1: Functions for Creating User Menus

Function Description

From Another Copy the menu structure of an existing role into the current role. You can select
Role the menu structure of a role delivered by SAP.

From Area Copy area menus (SAP standard area menus or your own) into the user menu of
Menu a role. Choose an area menu from the list of menus and select the transactions
you want.

Transaction Enter transaction codes directly.


Code

Report Enter reports, programs, transaction variants, and queries in the user menu.

Other Enter Internet and intranet links. Enter a descriptive text and the URL.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

6|P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

7|P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

8|P a g e
MICKAEL QUESNOT ©

5. On the Authorizations tab, choose Change Authorization Data.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

9|P a g e
MICKAEL QUESNOT ©

An input window may appear, depending on which activities you selected. You are prompted to
edit the organizational levels. Organizational levels are authorization fields, which occur in a lot of
authorizations. For example company code. If you enter a particular value in the dialog box, the
authorization fields of the role are maintained automatically.

The authorizations which are proposed automatically for the selected activities of the role are
displayed in the following screen. Some authorizations have default values.

Wherever traffic lights appear in the tree display, edit the authorization values manually. Edit the
authorization values by expanding the object classes and editing the authorization field.

When you have maintained the values, the system considers the authorizations manually
modified and does not overwrite them when you copy more activities into the role and edit the
authorizations again. To assign complete authorizations (*) for the hierarchy level for all
unmaintained fields, choose the traffic lights.

Wherever there are red traffic lights ( ), there are organizational levels with no values. You
can enter and change organizational levels with Organizational Levels….

Note

To display other functions in the tree, such as copying or collecting authorizations,


choose Utilities Settings .

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

10 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

11 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

12 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

13 | P a g e
MICKAEL QUESNOT ©

6. Choose (Generate) to generate an authorization profile for the authorizations.

You are prompted for an authorization profile name. The system proposes a valid name in the
customer namespace.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

14 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

15 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

16 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

17 | P a g e
MICKAEL QUESNOT ©

7. Leave the tree display after the profile generation

Note

If you change the menu selection and call the authorization tree display again, the authorizations
for the new activities are added to the existing authorizations. Traffic lights may be switched to
yellow because new, incomplete authorizations appear in the tree display. Assign values manually
or delete them. Delete an authorization by deactivating it first and then deleting it.

You can add general authorizations, such as spool display or print with authorization templates to
the existing data. Choose Edit Insert authorizations From template … . Choose a template
(SAP_USER_B - Basis authorizations application users or SAP_PRINT - Print Authorization). You
can also create a separate role for clarity.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

18 | P a g e
MICKAEL QUESNOT ©

8. On the User tab, assign users to the role.

The user menu appears when the assigned user logs on to the system. The system automatically
enters the generated authorization profiles in the user master record of this user, when you
compare the user master.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

19 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

20 | P a g e
MICKAEL QUESNOT ©

9. On the User tab, choose User Comparison.

If you do not want to restrict the assignment validity period (default validity date is until 9999-12-
31), no further action is required. To restrict the validity period, schedule the
program PFCG_TIME_DEPENDENCY, which updates user master records, daily. If you use
organizational management, schedule the program.

Note

You cannot enter generated authorization profiles directly into user master records. Generated
profiles are only assigned to user master records by assigning users to roles and then comparing
users. The system enters the profiles for the role in all appropriate user master records.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

21 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

22 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

23 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

24 | P a g e
MICKAEL QUESNOT ©

Results

You have created a role. A user menu appears for the user to whom this role is assigned when that user
logs on to the system. The user has the authorizations, which you specified to perform the activities in the
user menu.

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

25 | P a g e
MICKAEL QUESNOT ©

Mickaël QUESNOT

Directeur SAP SCM & Cloud Solutions (Concur, EnableNow)

https://www.linkedin.com/in/mickaelquesnot/

26 | P a g e

You might also like