Skip to Content
Author's profile photo Dibyendu Patra

Create Role and Profile for New user Using PFCG

Hello Friends,

Hope you are doing well.

In my organization, I have Configured the role and profile for our new user.

I want to share with you about the settings and details. One document is really help me to learn this factor. One of our friend Sudeep wrote a excellent document MM Related Authorization Objects – How to Find out & Assig,  Its really help me a lot.

There is also very deeply explain about authorization in this document.

Lets discuss about role and profile..

What is a Role?

A role is assigned to an user, its used to choose a T-code/Menu and its create authorization profile…

Suppose Role A has authorization for t-code MM01, and the role is assigned to use ABC, It means the user is able to use the t-code MM01.

What is a Profile?

A profile is the element in the authorization system. Its allow an user to access the system.

For authorization check, The system checks on the particular profile which is assigned to user for the proper authorization.

Create Role

T-code = PFCG


This is initial screen of Role maintenance..

If you have a old role and you want to copy as a new role, then you can choose the option copy as…

Enter the old role in Role field then press copy as…


Give the new name in to Role and press “Copy all”, your new role will be copied. Then you can change the role as you wish.

If you want to create a new one then just enter the name in Role and then press “Single Role”


The initial creation for the particular role will come.

We have to maintain The Menu, Authorization and User (If you want to maintain workflow, then you can maintain).

Click on the Menu tab.


In this tab we will enter the t-codes which we want to give authorization to an user.

There are many option to insert t-code

ScreenShot.jpg Its used to enter a single t-code. Suppose you want to give the authorization for MM01 only, then you have to click on transaction, and give the t-code MM01.


ScreenShot.jpg Its used to enter a whole menu area. Suppose you want to give the authorization for all Inventory management’s T-codes , then click From SAP Menu and Select the Inventory Management option.


Lets give the authorization of all inventory management option, It means the use can do these all things which is in under inventory management tab in main menu.


As we can see the Menu tab’s colour is Green. It means we have successfully assign the t-codes to this particular user.

Save your settings.

Now Go to Authorization tab.


Here you have use a profile name for this role.

You can use the profile name as you wish or you can select Propose profile name to click the option ScreenShot.jpg

If you click the option, then system will propose you a 10 digit profile name and profile text (You can change the profile text) , you can continue with system proposed profile name or you can give as yours.

I use System proposed profile name, I have click on the option.

System propose me a profile name.


Save you data.

It will take all standard fields, which will need for the inventory management.

Then you gave generate the profile. Select the last option “Expert Mode for Profile Generation”


You have to give the authorization for required data for inventory management.

Suppose you give company code X in this field, Then the user will only can do a entry for company code X. It is for the all field which is shown in above figure.

After compete the all field, press save/enter.


We can there are no red colour on any field.

Now press ScreenShot.jpg in the screen.

You can see a message, press generate. You can see a success message ScreenShot.jpg

Now press back and go back to the initial screen. You can see the Authorization tabs also will green coloue. That means this tab is successfully completed.

Now press the User tab


Here just give the user id in the field “user ID”, to whom you want to give the authorization.

You can restrict the role and profile with validity period.

In default it come current date to 31.12.9999.


Now after giving the user name, press ScreenShot.jpg and then in the next screen, press ScreenShot.jpg

Save your data, You can see a success message ScreenShot.jpg

It means the profile and role is successfully assigned to this particular user.

Now we can see the User option is also in green colour mode. It means we have successfully done this tab.

Now just save you data and press back.

Now we can see in User master record from SU01, the new role and profile is assigned to the user.


Now Log in with new user.

When the user trying to enter t-code under inventory management, the user can do the all. But whenever he will try to enter t-code under purchasing and all (without inventory management), he will get a message ScreenShot.jpg

If any authorization missing in inventory management, then we can also add the activity to the user. Its is clearly discuss on this document

MM Related Authorization Objects – How to Find out & Assig,

If we want to restrict the storage location and G/L account, then we have to assign the storage location and G/L in Role and we have to activate “Authorization Check for Storage Locations”

Go to OLMB-Authorization Management-Authorization Check for Storage Locations and Authorization Check for G/L Accounts.


Tick for the storage location which you want check the authorization for user.


Tick for the company code which you want to check for the authorization.

This way you can restrict authorization for an user.


Dev Patra

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Dev,

      I assure you that, after reading your blogs. Whoever face any issue they can easily go through easily and resolve the issue very soon.

      Keep sharing and motivating others.


      Hari Suseelan

      Author's profile photo Kamlesh Kumar Arya
      Kamlesh Kumar Arya

      Hi @Dev,

      After reading your blog, It seems that I would be able to test it in my system very soon, And also you made it very easy to empathize. I am sure that any SAP beginners could do that same testing without any trouble. 🙂

      Thanks for sharing.

      I have to learn a lot from the person like you. 🙂

      Kind Regards


      Author's profile photo Praveen Madas
      Praveen Madas

      Hi @Dev,

      Thanks for worth sharing.


      Praveen Madas

      Author's profile photo Abdullah Galal
      Abdullah Galal

      Very useful with great level of details, you're awesome, thank you!

      Author's profile photo Dibyendu Patra
      Dibyendu Patra
      Blog Post Author

      Thanks Abdullah