Execute transaction code PFCG. Enter the Role name and choose on Single Role. (We are going to use Single Role for this activity).
Enter the role description and press on Save. You have just completed creating a new role in SAP system. So next, you need to assign the authorizations (transaction codes, reports, authorization default, web address and files) to the SAP users.
Go to the Menu tab. If you want to grant user with the transaction codes – click on Transaction. You will get as below screen and from here, you can type which transaction codes granted for the users. Once done click Assign transactions.
The Menu screen will listed all the granted transaction codes. You also can do for the Report, Authorization Default and Other. Click on Save again.
Next, go to Authorization tab. Click on Change Authorization Data.
On the Change role: Authorizations, verify if there are any missing values.
To assign the missing values – assign authorizations (make the yellow traffic light into green) – You need to click on the traffic light icon. Then, below dialog box will appear – to set the authorization fields to * (full authorization) for the object class. Press Enter.
To get into details on the respective object class – authorization object – You may need to click on the pencil icon. As example below for ABAP Workbench, each task for Activity, Package, Object name, Object type and Authorization group ABAP/4 does have their own level of security. So, from the below screenshot, the Activity was only granted for Display – means user can just only display while using the transaction code. They will not have the ability to change, update, delete or other functions.
If you want to assign more ability to the user, you can click on the pencil icon. You can select from listed activities. To give all authorizations, click on Full authorization. Click on Save.
You will prompted back to the Change role: Authorizations screen, click on Save to Assign Profile Name for Generated Authorization Profile. Press Enter.
Still on the Change role: Authorizations screen, click on Back (F3) and you will get below screen. Click on Generate icon (F6) to generate the Profiles.
The profiles will generated and you will see the Profile Name, Text and Status under the Information About Authorization Profile.
Next things to do is – Assign users to the Profile! So, switch to User tab and enter the User ID. Once done, click on the User comparison. Click on Save and you are done!
You can ask user to test the transaction codes now!
