Use
The SAP standard contains more than 1200 predefined single roles from all application areas.
If you assign a predefined role to a user, he or she is automatically given the user menu required for his or her daily work and the authorizations required for it, when he or she logs on to the SAP System.
He or she can also define his or her personal Favorites from the functions assigned to him or her. The user calls transactions, programs or internet/intranet applications from the Favorites or the job structure tree.
Before you start to create your own roles for your staff, check whether the roles delivered by SAP can be used for the job descriptions in your company.
Prerequisites
Get an overview of the roles delivered by SAP. The program RSUSR070 outputs descriptions of the existing example jobs. To run the program, choose Tools
® Administration ® User maintenance ® Infosystem ® Roles ® Roles by complex selection criteria ® by role name, or the transaction S_BCE_68001418.If you choose Role description, the description text of the predefined role is displayed as well as its name.
The list displayed lists the roles delivered in the SAP Standard.
Predefined roles are delivered as templates with the prefix 'SAP_'.
Procedure
To assign user roles unchanged:
the SAP System SAP Easy Access initial transaction contains additional functions for administrators. You need authorization for the following authorization objects to be able to use these functions:
Authorization object: |
Value: |
S_USER_TCODE |
PFCG |
S_USER_PRO |
* |
S_USER_AUT |
* |
S_USER_GRP |
* |
You also need the following authorizations if the authorization profiles of the delivered roles are also to be generated automatically:
Authorization object: |
Value: |
S_USER_AGR |
* |
S_USER_TCD |
* |
S_USER_VAL |
* |
The delivered roles are output.
The users must already exist in the system before you can assign them. See
If you do not confirm the prompt, only the user menu is assigned to the selected users. The authorization profile is not generated and entered in the user master.
The authorization data of all delivered roles are maintained. All customer-dependent fields, such as company code and plant, but also authorization groups and some other authorization fields, have the value '*‘. In many authorization fields, '*‘ means the entire possible range of values. This allows usable authorization profiles to be pre-generated.
Result
The users to whom you have assigned the role can logon to the system. The user menu appears with the functions which the user needs for his or her work and for which he or she has the necessary authorizations.