Role Generator 
Use
The role generator (transaction /ISDFPS/ROLE_MANAGER) is used to assign roles and authorizations for users that are allocated to an organizational structure consisting of force elements.
You can use the role generator to:
· Define reference roles
· Derive roles from reference roles and assign them to users
· Determine values for the relevant organizational level fields
· Generate the appropriate authorization profiles
· Navigate directly to the SAP user administration applications relevant for these actions
· Automate the process for updating authorizations by scheduling regular jobs
Existing authorizations have to be updated, for example, when the properties or assignments of a force element are changed.
Integration
Checks and follow-up actions are available for cases in which the status of a force element is changed.
See also Additional Role Generator Tools.
Prerequisites
To be able to use the role generator, you must have
· Mapped the required organizational structures
· Assigned users to the relevant people as required using the infotype 0105 (subtype 0001).
· Made settings for the role generator in Customizing for Defense Forces & Public Security by choosing Organizational Flexibility ® Force Element ® Role Generator.
Activities
Prerequisites
You have called up the role generator.
Creating a Reference Role
...
1. In the role generator, choose the Overview tab page.
2. Enter the required name for the reference role and choose Create.
3. Save the role.
4. Choose Change.
The standard application for Role Maintenance (transaction PFCG) is automatically displayed.
Creating and Assigning a Derived Role
...
1. In the role generator, choose the Action tab page.
2. Enter the required name for the derived role and choose Create.
Use the customer-specific name space.
3. Select the required reference role.
4. On the next screen, define the relationship between the role and the position. To do so, choose Create Assignment.
During this process, the system reconciles the organizational level fields.
5. Reconcile the indirect user assignments manually.
6. Choose Back.
This derivation is stored in table /ISDFPS/AGR_DEF. The organizational level fields are determined for the role and written to table AGR_1252.
Administrative Actions
On the Action and Overview tab pages, you can navigate to the standard applications for editing your roles:
· Roles (PFCG pushbutton)
· Authorizations (Profile pushbutton)
· User assignments (Org. Management pushbutton)
· User comparison (User Comparison pushbutton)
· Role comparison (Single Comp. and Full Comp. pushbuttons)
¡ In single comparisons, a derived role is compared with its reference role. As a result, all authorization fields are transferred from the reference role. The organizational level fields are retained and not transferred from the reference role.
¡ A full comparison must be carried out if the reference role has changed and these changes are to be forwarded to the derived roles.
During this process, the system reconciles the organizational level fields.
· Transport (Indiv. Transport and Mass Transport pushbuttons)
Changing a Role
...
1. In the role generator, choose the Overview tab page.
2. Specify the required name and choose Change.
The standard application for Role Maintenance (transaction PFCG) is automatically displayed.
3. Choose Back after you have edited the role.
This takes you back to the Overview tab page. If the role is a reference role, all the roles derived from this role are displayed.
Changes made to a role only become active once the relevant user has logged on again. Changes made to a profile become active immediately. The current transaction, however, has to be restarted.
Deleting a Derived Role
...
1. In the role generator, choose the Action tab page.
2. Specify the required name for the derived role and choose Delete.
This deletes the role.
Displaying Organizational Objects
...
1. In the role generator, choose the Struct. tab page.
2. Specify the required object.
The selected object is displayed with its subordinate objects.