A role can contain the following information:
Role name
Description text for the role
Menu structure of the role
Authorization profile data
Users or elements of the organizational plan to which the role is assigned.
MiniApps
Personalization data
Functions in the Initial Screen
Function |
Comments |
---|---|
|
Starts change mode, in which you can change and assign roles that have been delivered by SAP or that you have created yourself. |
|
Displays single roles or composite roles. |
|
Creates a single role. Creating Roles provides an overview of the procedure. |
|
|
|
Adds the role the list of favorites. The favorites are displayed when you start the role administration transaction, or when you choose the Favorites display using . To remove a role from the list of favorites, right-click the role name and, from the context menu, choose Delete from Favorites |
|
For single roles, shows the composite roles that contain the single role currently entered in the Role field. For compsite roles, shows which single roles are contained in the composite role currently entered in the Role field. |
|
Copies the role entered in the Role field. SAP delivers predefined roles as templates. The names of these roles start with the prefix SAP_. When copying these roles, use a name from the customer namespace. You can copy the user assignment and personalization objects along with a role. |
|
Deletes the role. To transport the deletion, record the objects that belong to the role in a transport request before the deletion. To delete the role in a system connected by an RFC connection, choose . |
|
|
|
Displays the transactions contained in the role. |
|
Allows you to select one of the following views for displaying roles:
|
|
Restricts the display of roles or removes the restriction. Note
The view Roles in Composite Role also displays the compsite roles that have been assigned a single role containing the relevant filter search string. |
Show Documentation |
Displays the documentation for delivered roles. In change mode, you can connect a document from the Knowledge Warehouse by choosing . |
Function |
Comments |
---|---|
|
Prints all of the data for the role (assignment of activities, organizational units, authorization data, user assignment, and so on). |
Download or Upload |
Downloads the role. To avoid inconsistencies, the system downloads all roles that have been derived from a role. If you download composite roles, this download also includes all of the contained roles. If you upload a role, the role data including the authorization data is loaded from a file into the SAP system. The user assignments for the role and generated profiles for the role are not uploaded. You therefore need to generated the authorization profiles after you have performed the upload. |
Read from Another System by RFC |
Imports a role from another system.
You can also use transaction SM30_SSM_RFC to enter the RFC destination as a variable. |
Function |
Comments |
---|---|
Status Overview |
Displays a list of all or of selected roles with status information about user assignment, menu, authorization profile, and user master record comparison. You can use the following options to restrict the result list:
|
Mass Generation |
Generates profiles for multiple roles simultaneously (see Performing a Mass Generation of Profiles). |
Mass Comparison |
Performs a user master comparison for multiple roles (see Comparing User Master Records). |
Mass Transport |
Transports multiple roles (see Transporting and Distributing Roles). You can choose whether you also want to transport:
|
Mass Download |
Downloads multiple roles to your PC. |
Mass Maint. of Price List Categories |
Starts the maintenance transaction for license attributes of roles. |
Role Comparison Tool |
Performs a (cross-system) comparison of role menus (see Comparing Roles). |
Templates |
Templates for roles. |
Function |
Comments |
---|---|
User Master Record |
Switches to user administration (see Creating and Editing User Master Records). |
Text Comparison for CUA Central System |
Sends current list of roles and profiles to the CUA central system. |
Display Changes |
Displays change documents. For more information about the user interface of the evaluation report, see the section Determining Documents for Roles and Role Assignments. |
Installation or Upgrade |
Starts the transaction for filling customer tables for role administration for first use or to update after an upgrade. The customer tables for role administration contain an adjustable copy of the SAP default values for the field values and check indicators (see Reducing the Scope of Authorization Checks). |
Check Indicator |
Starts the transaction to change check indcators and field values. |
or |
Displays authorization objects or deactivates authorization checks. |
Function |
Comments |
---|---|
Settings |
|
Transactions in Roles |
Finds all roles that contain a particular transaction. |
Functions in Change Mode
Function |
Comments |
---|---|
Role Obsolete and Reset Obsolete Role |
Marks a role as obsolete, but does not prevent its use. As the person responsible for the role, set the indicator in the following cases, for example:
The Role Obsolete indicator is also contained in the following User Information System reports about roles ( RSUSR070):
|
Function |
Comments |
---|---|
|
Links a role with a document that exists in Knowledge Warehouse. |
Customizing Auth. |
Assigns projects or view of Implementation Guide (IMG) projects to a role. With this assignment, you can generate authorizations for particular IMG activities in a targeted way, and assign them to users. When you generate profiles, the sytsem generates the authorization necessary to execute all activities in the assigned IMG projects or project views. A dialog box appears in which you can enter the assignment. To display more information about the use of this option, choose the Information button. |
Settings |
Starts the user master comparison when saving the role with the following selection:
|
Display Changes |
Starts the display of the change documents for role administration. |
Optimize User Assignment |
Starts report PRGN_COMPRESS_TIMES, which combines multiple assignments of a role to the same user, if the validity periods overlap. It also deletes expired role assignments if the indicator Remove validity periods that have already expired indicator is set. |
Function |
Comments |
---|---|
Org. Management |
Only active if you chose on the initial screen.Displays existing assignments for the role within HR Organizational Management. You can change these assignments. |
User Comparison |
Starts the user master comparison (see Assigning Users). |
Assignment of Price List Category |
Starts the maintenance transaction for license attributes of roles. |
Roles with Responsibilities
Roles with responsibilities that were created in releases 4.0A and 4.0B are migrated as of release 4.5A to separate roles that are derived from each other. As a result of the migration, you receive the roles that contain the transactions, and for each responsibility, a derived role that contains the authorization data and user assignments.