https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150075#M1976961 <P>Many thanks <SPAN class="mention-scrubbed">veselina.peykova</SPAN></P><P>I will go through your mentioned refrences</P><P>best regards<BR /> </P> Wed, 04 Mar 2020 09:59:01 GMT bashayreh 2020-03-04T09:59:01Z https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150073#M1976959 <P>Hi everyone</P> <P>in order to give access for a user on a fiori tile, I created a Role that contains the Technical Catalogue of that tile. the result is that the user is able to add new tiles and use them while he should not be able to do so. for example a sales representative is getting access to changing the cost price of items!</P> <P>please advise what is the best way to solve my issue</P> <P>best regards</P> Tue, 03 Mar 2020 15:18:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150073#M1976959 bashayreh 2020-03-03T15:18:34Z https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150074#M1976960 <P>You are not supposed to use technical catalogs directly for creating user roles.</P><P>The recommended approach is to create business catalogs referencing technical catalogs with only the needed apps, then you create groups (well thought out groups can make the life of users a bit easier) and use these when you create the PFCG roles.</P><P>For more information - refer to the official help documentation: <A href="https://help.sap.com/viewer/d4650bf68a9f4f67a1fda673f09926a9/753.04/en-US/af35d42e7d4f49d7b8e46080cd01c299.html">Best Practices for Managing Catalogs</A>.</P><P>There is also a nice self-paced openSAP course where this topic is really well explained: <A href="https://open.sap.com/courses/s4h14/items/3qhRV1obs2Ay0y2MnZf4Rl">Key Technical Topics in a System Conversion to SAP S/4HANA</A>. Enrolling is free of charge.</P> Wed, 04 Mar 2020 06:09:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150074#M1976960 VeselinaPeykova 2020-03-04T06:09:56Z https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150075#M1976961 <P>Many thanks <SPAN class="mention-scrubbed">veselina.peykova</SPAN></P><P>I will go through your mentioned refrences</P><P>best regards<BR /> </P> Wed, 04 Mar 2020 09:59:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150075#M1976961 bashayreh 2020-03-04T09:59:01Z https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150076#M1976962 <P>If its sandbox or dev, I dont see any issue with this approach, but for going forward into DEV, QA and PRD you should follow what Veselina has said. </P> Wed, 04 Mar 2020 12:02:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/over-authorization/m-p/12150076#M1976962 former_member612251 2020-03-04T12:02:21Z