Create SAP Role

Author: [email protected] 74 views

Steps:

  1. Select “PFCG – Roles” like shown below.

2. This opens the “Role Maintenance” screen as shown below.

3. Enter “Z_FPC_PASSWORD” in the “Role” field and select the “Single Role” button.

4. This opens the “Create Roles” screen.

5. In the “Role” panel enter “Role assigned to the PWRESET user to be used for remote reset of user passwords” in the “Description” field and click on the save icon or press CTRL+S to save. Now select the “User” tab.

6. Add a row and enter “PWRESET” in the “User ID” column. Select any other tab and then select the “User” tab again to return to the screen below. Double check and verify if you are on the same screen as shown below.

7. Click on the save icon or press CTRL+S to save the information. Now select the “Authorizations” tab.

8. Enter “PWRESET” in the “Profile Name” field and enter “Profile for role Z_FPC_PASSWORD” in the “Profile Text” field.

9. Click the save icon or press CTRL+S to save the information. Now select the labeled “Expert Mode for Profile Generation” and a dialog like shown below will appear.

10. Select the “Do not select templates” button. The “Change role: Authorizations” screen will be shown.

11. You shall now grant privileges to the role. Select the “Z_FPC_PASSWORD” entry and click on the icon labeled “Manually”.

12. Enter “S_RFC” in the first fields, like shown below.

13. Click on the complete icon at the bottom.

14. Customize the added entry by entering the following information under the “Authorization Check for
RFC Access”:

Activity: Execute
Name of RFC to be protected: SYST, Z_FPC_PASSWORD

Note: The information is entered by clicking on the input field and selecting the values in the
presented dialog.

After entering the values the screen will look similar to the below.

15. Now select the “Z_FPC_PASSWORD” entry and click on the icon labeled “Manually” to add a second entry.

16. Once more enter “S_RFC” in the first field and click on the check mark icon. The screen will now have the new entry shown.

17. Click on the icon on the most left side of the icon bar at the top or press CTRL+Shift+F11 to also expand the just added entry.

18. Now customize the added entry by entering the following information under the “Authorization Check for RFC Access”:

Activity: Execute
Name of RFC to be protected: BAPI_USER_UNLOCK
Type of RFC object to be protected: Function Module

Note: The information is entered by clicking on the input field and selecting from the values in the presented dialog.

After entering the values the screen will look like the below.

19. Activity: Execute

Repeat the operation above with the following details:
Name of RFC to be protected: BAPI_USER_UNLOCK
Type of RFC object to be protected: Function Module

After this the screen, will look like this:

20. Now select the “Z_FPC_PASSWORD” entry and click once again on the icon labeled “Manually” to
add another entry.

21. Enter “S_USER_GRP” in the first field and click on the check mark icon. The screen will now have the new entry shown.

22. Click on the icon left on the icon bar at the top or press CTRL+Shift+F11 to also expand the just added entry.

22. Now customize the added entry by entering the following information under the “Authorization Check for RFC Access”:

Activity: Lock, Set Productive
User group in user master main: SUPER

Note: The information is entered by clicking on the input field and selecting from the values in the presented dialog.

After entering the values the screen will look like the below.

22. The configuration task is now completed but for the authorization profile to be used it must first be generated.

    • Click on the save icon or press CTRL+S to save the information.
    • Click on the red ball icon or press Shift+F5 to invoke the generation.
    • Click on the green arrow ball icon to return back to the “Change Roles” screen.
    • Click on the icon or press CTRL+S to save the information.
    • Click on the “User” tab.

23. Select the “PWRESET” user as shown above and click on the “User comparison” button.

A dialog like the below will be presented.

24. Click on the “Complete comparison” button.

On completion, you will again return to “Change Roles” screen.