A single administrator (superuser) or a group of administrators assign authorizations, depending on the size and organization of your company. By assigning authorizations, the administrator determines (within the range of possibilities defined by the programmer) which functions a user may execute or which objects he or she may access.
The following rules apply to the use of placeholders in manual authorizations (transaction SU03) and in roles (transaction PFCG):
As an administrator, you perform the following steps to assign authorizations:
Editing authorizations for each authorization object
An authorization is the combination of permissible values in each authorization field of an authorization object.
Generating authorization profiles
Authorizations are grouped in authorization profiles in such a way that the profiles describe work centers, for example, flight reservation clerk.
Assigning authorization profiles to a user master record
By assigning the roles, you assign the corresponding authorization profiles (work centers) to a user master record.
When an authorization check takes place, the system compares the values entered by the administrator in the authorization profile with those required by the program for the user to execute a certain activity.