Assign Standard Roles (SAP Library - Users and Roles (BC-CCM-USR))

Assign Standard Roles

Use

The SAP standard contains more than 1200 predefined single roles from all application areas.

If you assign a predefined role to a user, he or she is automatically given the user menu required for his or her daily work and the authorizations required for it, when he or she logs on to the SAP System.

He or she can also define his or her personal Favorites from the functions assigned to him or her. The user calls transactions, programs or internet/intranet applications from the Favorites or the job structure tree.

Before you start to create your own roles for your staff, check whether the roles delivered by SAP can be used for the job descriptions in your company.

Prerequisites

Get an overview of the roles delivered by SAP. The program RSUSR070 outputs descriptions of the existing example jobs. To run the program, choose Tools ® Administration ® User maintenance ® Infosystem ® Roles ® Roles by complex selection criteria ® by role name, or the transaction S_BCE_68001418.

If you choose Role description, the description text of the predefined role is displayed as well as its name.

The list displayed lists the roles delivered in the SAP Standard.

Predefined roles are delivered as templates with the prefix 'SAP_'.

Procedure

To assign user roles unchanged:

the SAP System SAP Easy Access initial transaction contains additional functions for administrators. You need authorization for the following authorization objects to be able to use these functions:

Authorization object:	Value:
S_USER_TCODE	PFCG
S_USER_PRO	*
S_USER_AUT	*
S_USER_GRP	*

You also need the following authorizations if the authorization profiles of the delivered roles are also to be generated automatically:

Authorization object:	Value:
S_USER_AGR	*
S_USER_TCD	*
S_USER_VAL	*

Choose Other menu in the initial transaction SAP Easy Access.

The delivered roles are output.

Choose a role/composite role by double-click.

You can view the user menu of the selected role/composite role. This does not create an assignment to your user.

Choose Assign user to assign the currently displayed role directly to one or more users.

Enter the name of the user which you want to assign. User selection displays a multiple selection list of the current users in the system.

The users must already exist in the system before you can assign them. See Create and maintain user master records.

Choose Copy user.

Confirm that the role profile is to be generated and the user master adjusted. The authorization profile is generated and put in the user master of the selected user in addition to the user menu of the selected role(s).

If you do not confirm the prompt, only the user menu is assigned to the selected users. The authorization profile is not generated and entered in the user master.

The authorization data of all delivered roles are maintained. All customer-dependent fields, such as company code and plant, but also authorization groups and some other authorization fields, have the value '*‘. In many authorization fields, '*‘ means the entire possible range of values. This allows usable authorization profiles to be pre-generated.

Result

The users to whom you have assigned the role can logon to the system. The user menu appears with the functions which the user needs for his or her work and for which he or she has the necessary authorizations.