Skip to Content

In any role based SAP system we often come across the situation, where we have to copy the authorization of one user to a new user. For this we create new roles from the roles assigned to the existing users. But when we copy a role to a new role we have to regenerate the authorization. Here the problem comes, as we regenerate the authorization, all the previous data get lost and new objects are generated with different values(Plant, activity, organisation level…etc).Now we have to change the value for each object by seeing the values from old role.This is arduous.

                                                                                                    But SAP provides a solution for this. Whenever you copy a role generate the authorization in export mode and ” select edit old status ” and your old authorization value will remain intact.

Image 70.jpg

Image 71.jpg

To report this post you need to login first.

5 Comments

You must be Logged on to comment or reply to a post.

  1. Otto Gold

    Hello,

    this is pretty basic and also dangerous/ misleading/ often damaging the authorization concept. Would you care to elaborate on this so that you provide enough clues for the beginners to be careful?

    thanks, Otto

    (0) 
    1. Deepak Pathak Post author

      Hi Otto,

          I know this is pretty basic. But I don’t understand your comment:’dangerous/ misleading/ often damaging the authorization concept‘. Would you care to elaborate on this?

      (0) 
      1. David Berry

        Hi

        If the original role has always been updated using the edit old status it will be ‘screaming in agony’ every time it is updated (say by adding a tcode) as the SU24 entries relating to it are trying to help you maintain the role and not being allowed to do so.

        Read about SU24…

        When you create a copy of the existing role the same situation exists whether derived (edit – not sure) or single.

        Using expert mode updates the role, using edit old is the “insect in amber” route – eventually it will hatch out and bite you 🙂

        Cheers

        David

        (0) 
        1. Deepak Pathak Post author

          thats the whole point. In this method you are not supposed to add any tcode in menu. you have to just copy and generate the authorization.

          Regards,

          Deepak

          (0) 
          1. David Berry

            Hi

            Sorry – I think you may be missing the ‘whole point’ bit I was trying to hint at but I am happy to dig further 🙂 to help

            The way the existing role which you are copying from has (it looks like according to your explanation) been maintained historically in an ‘edit old status’ mode or something very similar?

            If you were to create a new temporary role with the transactions in it from ‘scratch’ what does it look like? Same as the original role or more like the newly created copied role?

            Do you use SU24 and then expert mode when in PFCG/SUPC?

            Edit – the ‘insect in amber’ comment refers to the fact that the roles are no longer running on the latest USOB* table entries..

            Kind regards

            David

            (0) 

Leave a Reply