Show TOC

Procedure documentationMaintaining Authorizations Locate this document in the navigation structure


You can use the Maintain Authorizations phase to maintain the role authorization data for the Single role type. This phase is not relevant for other role types and is not displayed for them.

Note Note

  • If you are updating an existing role, choose the Edit button to enable the buttons on the screen.

  • When in Edit mode, you cannot navigate to other phases. You must choose Save to make the Go To Phase button active.

End of the note.


  • You have access and authorizations to the required back-end system.

  • You have added the back-end system to the SAP GUI.

  • In your Windows system, you have configured SAP GUI as the default program for opening files with the SAP file extension.

  • You have assigned the default back-end system in the Customizing activity Maintain Mapping for Actions and Connector Groups, under   Governance, Risk, and Compliance   Access Control  .


The application provides different features for maintaining PFCG role authorizations and non-PFCG role authorizations.

Maintaining non-PFCG Authorizations
  1. On the Actions tab page, choose from the following features:

    • Choose the Add button to select from a list of available actions.

    • Choose the Download Template and Upload buttons to use the delivered file to add actions.

  2. On the Functions tab page, choose to add or remove functions.

  3. Save the entries.

Maintaining PFCG Authorizations
  1. On the Maintain Authorizations tab page, choose from the following features:

    • Add/Delete Function to maintain the functions for the role

    • Maintain Authorization Data to start the PFCG transaction on the back-end system

    • Synch. with PFCG to pull the role authorization data from PFCG and overwrite the role authorization data in access control

      Note Note

      In this mode, the application disables the Add/Delete Function and Maintain Authorization Data buttons. To cancel the synchronization and enable the buttons, choose the Cancel PFCG Synch. button.

      End of the note.
    • Propagate to Derived Roles to push any changes of role authorization data to all derived roles associated with this role

    • Push Authorization Data to Back-end System to push the role authorization data from access control to the back-end system and overwrite the authorization data in PFCG

  2. Save the entries.

Note Note

The following tab pages are read-only and display authorization data from the back-end system for the role:

  • Actions

  • Permissions

  • Organizational Levels

  • Functions

End of the note.

More Information