How to Create & Copy user role in SAP system
A role is you assign to your users the user menu that is displayed after they log on to the SAP system. Roles also contain the authorizations that users can use to access the transactions, reports, Web-based applications, and so on that are contained in the menu.
Roles should be created in Y & Z Only. From A to X. These are by default used for SAP.
Overview of Role
- Menu
- Profile
- Authorization / Authorization Objects
- Organization level /Field and field values.
- Users
Menu
In the menu, one can add SAP Transaction codes (Standard or custom), Reports, Web-based applications and etc.
Profile
Profiles are the objects that actually store the authorization data.
Authorization / Authorization Objects
An entry in the user master record as part of an authorization profile. Authorization consists of full or generic values for the authorization fields in an authorization object. The combination determines which activities a user can use to access certain data.
Authorization Objects
Combinations of authorization fields, which represent data and activities, are used to grant and check authorizations. Authorization objects are grouped together in authorization object classes.
Organization level
This defines actually the organizational elements in SAP for example Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centers, etc.
Field and field values
In order to restrict the access one can control the values in the respective Authorization Objects. (For example Authorization object F_BKPF_BUK: Accounting Document: Authorization for Company Codes, contains the relation between fields: BUKRS = Company Code and ACTVT = Activity).
Users
One should assign the role to a specific user with user comparison so they can access the particular T-code and authorization.
Types of Roles in SAP
- Individual / Common Role.
- Master and Derived Role.
- Composite Role.
Individual / Common Role
Base role with the desired Authorizations as per the purpose of the role; with the organizational levels as Company Code, Plant, Sales Organization, Profit Center and etc.
Master and Derived Role
Master Roles
With Transactions, Authorization Objects, and with all organizational level management.
Derived Roles
With organizational level management and Transactions and Authorization Object copied from Master Role.
Composite Role
It’s a collection of many derived roles or single roles.
How to create a role in the SAP system?
Solution
Execute T-code PFCG
Create a role with starting Y or Z. As shown below.
Then click on sing role.
Add the Description and save.
Go to the Menu tab click on transaction add the T-code.
Enter the T-code and click on Assign Transactions.
Go on Authorizations Tab and click on Propose profile names.
Then Click on Change Authorization Data
Click on Yes
Click on Continue.
Click on generate.
Go on the Users Tab and add the users.
Click on User Comparision and click on YES and Full Comparssion.
How to copy role in SAP system
Execute T-code PFCG
Mention Role which wants to copy
And tap on the copy role option (or) GoTO Role and Copy (Shift+F11)
Select a new role name and click on Copy all
New Role Copied and then click on Change
GoTo Authorizations tab and click on Edit authorization data
Generate Profile Name
Click on change
Tap Generate profile
Click on generate
Once a profile has been generated
GoTo User tab Maintained user ID and click on User Comparison
Click on yes
Click on Full Comparison
Role Copied and assign to user