Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Maintain Authorization Customizing

Arif1
Active Participant
‎02-05-2014 4:54 PM
0 Kudos

PFCG Link

Use

In this Customizing activity, you can activate or deactivate second-level authorizations, the use of shared memory for role definitions in Risk Management and Process Control, and the role inheritance function.

Second-Level Authorizations
  • If the second-level authorizations setting is active, the user selection for entity-level role assignments is restricted to users who have been assigned the corresponding PFCG role in their user profile.
  • If the second-level authorizations setting is deactivated, the user selection for entity-level role assignments is enabled for all users who have been assigned the SAP_GRC_SPC_BUSINESS_USER PFCG role to their user profile.
Role Inheritance for Organizations

  By activating the role inheritance for organizations, you can specify that authorizations are to be passed on to lower levels of the organization. Note that setting this checkmark activates the role inheritance for all roles in the organization used by Process Control and Risk Management. 

User-Shared Memory for Role Definitions

For performance reasons, you can activate the use of shared memory for role definitions. This stores the definitions of the modeled roles in the shared memory and will improve performance.

However, be aware that the changes in role definitions -  made using transaction PFCG - are then not immediately and automatically reflected in a shared memory. For this reason, consider using this option only for your production environment (not in your development and test environments).

Note: You can display the updated role data and see whether the role definitions are up to date by running the refresh report GRFN_SHM_ROLE _CHECK..

Requirements

Second-Level Authorizations
  • The individual roles must be created and maintained with transaction PFCG.
  • Users that are assigned to roles via user-role assignment must first have the corresponding PFCG-modeled role assigned to their user profile if second-level authorizations are active.

  Standard settings 

In the SAP standard delivery, second-level authorizations and use of shared memory for role definitions are deactivated.

Activities

  • Select the Active flag to activate one or several of the options.

Eskom Configuration: Not Used - Risk Management (RM) and Process Control (PC)

Popular Blog Posts