Process Flow
You define the roles for the various job descriptions with the permitted activities. The Profile Generator determines the authorizations for users for a particular role based on this information. The basic process is as follows:
1. Assign the job descriptions to transactions.
Define job descriptions for each application area in your company (for example, in a job description matrix). Determine for each description the menu paths and transactions that the users with this job require. Determine both the required access authorizations (display, change) and any restrictions.
2. Maintain activity groups or roles with the role maintenance and the Profile Generator (transaction PFCG).
Use the role maintenance functions to create the roles or activity groups that correspond to the individual job descriptions. For each role or activity group, choose the tasks (reports and transactions) that belong to the job.
3. Generate and maintain authorization profiles.
In this step, the Profile Generator automatically generates the authorization profile for the activity group or role. To accept or change the proposed profile, you must work through the tree structure of the profile and confirm the individual authorizations that you want to assign to the activity group or role.
4. Assign users.
In this step, you assign the users that belong to the relevant roles or activity groups.
5. Update the user master records.
The user assignment and the generated profile must be updated in the user master records. There are a number of ways in which you can do this (depending on your release status):
· In all releases, you can schedule a background job that regularly updates the user master records.
· As of SAP R/3 4.5, you can either use the user comparison function or have the user master records automatically updated when saving the activity groups or roles. (Choose Utilities → Settings, and activate the option Automatic comparison at save.)
Even if you use the User Comparison function or the option Automatic Comparison at Save, we recommend that you schedule a background job and ensure that all user master records are automatically updated on a regular basis.
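
Why step 5 matters for access control, as an added example that is not part of the original page and is not SAP code or an SAP API: a simplified Python model of comparing role assignments with the profiles actually entered in the user master records. The role names, profile names, users and dates are constructed, and the model assumes that role assignments carry validity dates.

```python
"""Simplified model of step 5 (user master comparison). Not SAP code; all data is constructed."""
from datetime import date

# Generated profile per role (step 3). Role and profile names are constructed placeholders.
ROLE_PROFILE = {"Z_AP_CLERK": "T-AP000001", "Z_BUYER": "T-MM000002"}

# Role assignments from step 4: (user, role, valid_from, valid_to). Dates are an assumption.
ASSIGNMENTS = [
    ("ALICE", "Z_AP_CLERK", date(2024, 1, 1), date(9999, 12, 31)),
    ("BOB", "Z_BUYER", date(2024, 1, 1), date(2024, 6, 30)),     # assignment has expired
    ("CAROL", "Z_BUYER", date(2024, 7, 1), date(9999, 12, 31)),  # newly assigned
]

# Profiles currently entered in each user master record (state before the comparison).
USER_MASTER = {"ALICE": {"T-AP000001"}, "BOB": {"T-MM000002"}, "CAROL": set()}


def expected_profiles(user, today):
    """Profiles the user should hold today according to the valid role assignments."""
    return {ROLE_PROFILE[role] for u, role, start, end in ASSIGNMENTS
            if u == user and start <= today <= end}


def compare_user_masters(today):
    """Return {user: (missing, stale)} for every user master that is out of date.

    missing: profiles of valid roles not yet entered in the user master.
    stale:   generated profiles still in the user master without a valid assignment,
             so the user keeps access that the role design no longer grants.
    """
    generated = set(ROLE_PROFILE.values())
    findings = {}
    for user, held in USER_MASTER.items():
        expected = expected_profiles(user, today)
        missing = expected - held
        stale = (held & generated) - expected
        if missing or stale:
            findings[user] = (missing, stale)
    return findings


def apply_comparison(today):
    """Bring every user master in line with the valid assignments."""
    for user, (missing, stale) in compare_user_masters(today).items():
        USER_MASTER[user] = (USER_MASTER[user] | missing) - stale


if __name__ == "__main__":
    for user, (missing, stale) in compare_user_masters(date(2024, 8, 1)).items():
        print(user, "missing:", sorted(missing), "stale:", sorted(stale))
```

In this model BOB's assignment lapses without anyone saving the role, which is the case a regularly scheduled comparison catches and a comparison triggered only at save does not.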