how restrict authorisation
DESCRIPTION
How Restrict AuthorisationTRANSCRIPT
![Page 1: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/1.jpg)
Create user role in SAPSap menutoolsadministrationuser maintencerole administrationrolest.code – PFCG
On role maintainence screen,maintain following details: Enter new role ID that you want to create(in this configuration we are
going to create Z_ROLE_USER with certain T.code authorizations) Create single role button
On create role screen update the following details:
Description Long Text After update the details click on save
![Page 2: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/2.jpg)
Now we have to assign T.Codes to the roles.Go to Menuassign T.codesclick on transaction tab and shown below screen shot:
Now add all Transaction Codes that you want to assign to role and then click on assign transactions:
![Page 3: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/3.jpg)
Now we have generated authorization profile, following steps:
Click on authorizations tab,Next click on change authorization data
![Page 4: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/4.jpg)
Click on save yes options to save the role.
Now click on missing level and click on execute option as shown below:
Click on save button to assign profile name for generated authorization profile.
![Page 5: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/5.jpg)
Now assign particular users to role by click on user tab and update user ID as shown below:
Click on save button and save the details, successfully created users roles and assigned in SAP.
![Page 6: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/6.jpg)
You want to lock or unlock transaction codes in your SAP system.
SolutionTransaction code SM01 is used for the control of transaction code. From the SM01, you can either lock and unlock transaction codes. This SM01 is not advisable to execute because it can causeinconsistency in users administration.1. To lock a transaction code (for example here, ST03) put the transaction code and then pressEnter key which lists it in screen. Tick the box of the transaction and chose the button Lock/Unlockto toggle as required.
![Page 7: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/7.jpg)
Please follow the below steps
1) As you gonna assign a role to a user say A , goto to SU01 and enter the user name "A" and
navigate to the roles tab and check whether a role has been assigned if assigned, double click
on the role
2) change role screen of that role will open ---> Now assign the needed tcodes under MENU tab
by clicking ASSIGN TRANSACTION ---> now navigate to the Tab AUTHORIZATION --->
Change authorization data --> set the appropriate authorization level for the objects ---> save
and GENERATE (shift+f5) the profile
3)Now move to the tab USERS ( shows users assigned to the role)and do the USER
COMPARISON.
![Page 8: How Restrict Authorisation](https://reader035.vdocuments.us/reader035/viewer/2022071804/563db8a2550346aa9a957e72/html5/thumbnails/8.jpg)
Things to consider before you assign a T-code to the role
* A role contain several users, so adding a T-code will affect all users assigned to that particular
role. If several users are present in a role and you want to give authorization to only a particular
user its better to create a new role and assign the T-codes and then that user.