Create user role in SAPSap menutoolsadministrationuser maintencerole administrationrolest.code – PFCG

On role maintainence screen,maintain following details: Enter new role ID that you want to create(in this configuration we are

going to create Z_ROLE_USER with certain T.code authorizations) Create single role button

On create role screen update the following details:

Description Long Text After update the details click on save

Now we have to assign T.Codes to the roles.Go to Menuassign T.codesclick on transaction tab and shown below screen shot:

Now add all Transaction Codes that you want to assign to role and then click on assign transactions:

Now we have generated authorization profile, following steps:

Click on authorizations tab,Next click on change authorization data

Click on save yes options to save the role.

Now click on missing level and click on execute option as shown below:

Click on save button to assign profile name for generated authorization profile.

Now assign particular users to role by click on user tab and update user ID as shown below:

Click on save button and save the details, successfully created users roles and assigned in SAP.

You want to lock or unlock transaction codes in your SAP system.

SolutionTransaction code SM01 is used for the control of transaction code. From the SM01, you can either lock and unlock transaction codes. This SM01 is not advisable to execute because it can causeinconsistency in users administration.1. To lock a transaction code (for example here, ST03) put the transaction code and then pressEnter key which lists it in screen. Tick the box of the transaction and chose the button Lock/Unlockto toggle as required.

Please follow the below steps 

1) As you gonna assign a role to a user say A , goto to SU01 and enter the user name "A" and

navigate to the roles tab and check whether a role has been assigned if assigned, double click

on the role 

2) change role screen of that role will open ---> Now assign the needed tcodes under MENU tab

by clicking ASSIGN TRANSACTION ---> now navigate to the Tab AUTHORIZATION --->

Change authorization data --> set the appropriate authorization level for the objects ---> save

and GENERATE (shift+f5) the profile 

3)Now move to the tab USERS ( shows users assigned to the role)and do the USER

COMPARISON. 

Things to consider before you assign a T-code to the role 

* A role contain several users, so adding a T-code will affect all users assigned to that particular

role. If several users are present in a role and you want to give authorization to only a particular

user its better to create a new role and assign the T-codes and then that user.