topic PFCG Authorization Profiles in Application Development and Automation Discussions https://community.sap.com/t5/application-development-and-automation-discussions/pfcg-authorization-profiles/m-p/14205156#M2042413 <P>Hi ABAP experts.</P><P>I am creating an ABAP program to do a mass update of roles, rather than manually doing it with transaction PFCG.&nbsp; I am removing manually-added T-Codes, then adding them to the Role Menu as Authorization Default using method CL_PFCG_MENU_MODIFY-&gt;MENU_ADD_SERVICE.&nbsp; This works well, changing the AGR_1251-MODIFIED field from 'U' to 'S',&nbsp; However, when the Authorization Profile is generated using<!-- StartFragment --> <SPAN>PRGN_AUTO_GENERATE_PROFILE_NEW</SPAN>, it also brings in a lot of unwanted authorizations, such as SE16 bringing in S_TABU_DIS and S_TABU_NAM.&nbsp;</P><P>The method&nbsp;CL_PFCG_MENU_MODIFY-&gt;MENU_DELETE_NODE will remove them, but they will come back whenever the profile is regenerated.</P><P>The solution is to set the Authorization as 'Inactive', but I cannot find a Method or Function Module that will do this.&nbsp; I tried doing a direct table update (which is not recommended) to AGR_1251, setting the DELETED field to 'X'.&nbsp; When I do this and look at the role in PFCG and in table AGR_1251, it appears to have worked.&nbsp; When someone logs into the system with that role, executes SE16, they should not be able to select any table to display.&nbsp; However, even though the Authorizations are Inactive, they can still display table contents.</P><P>Can someone please help me out with how to achieve my goal?</P> Thu, 11 Sep 2025 12:55:17 GMT dan_spitzig 2025-09-11T12:55:17Z PFCG Authorization Profiles https://community.sap.com/t5/application-development-and-automation-discussions/pfcg-authorization-profiles/m-p/14205156#M2042413 <P>Hi ABAP experts.</P><P>I am creating an ABAP program to do a mass update of roles, rather than manually doing it with transaction PFCG.&nbsp; I am removing manually-added T-Codes, then adding them to the Role Menu as Authorization Default using method CL_PFCG_MENU_MODIFY-&gt;MENU_ADD_SERVICE.&nbsp; This works well, changing the AGR_1251-MODIFIED field from 'U' to 'S',&nbsp; However, when the Authorization Profile is generated using<!-- StartFragment --> <SPAN>PRGN_AUTO_GENERATE_PROFILE_NEW</SPAN>, it also brings in a lot of unwanted authorizations, such as SE16 bringing in S_TABU_DIS and S_TABU_NAM.&nbsp;</P><P>The method&nbsp;CL_PFCG_MENU_MODIFY-&gt;MENU_DELETE_NODE will remove them, but they will come back whenever the profile is regenerated.</P><P>The solution is to set the Authorization as 'Inactive', but I cannot find a Method or Function Module that will do this.&nbsp; I tried doing a direct table update (which is not recommended) to AGR_1251, setting the DELETED field to 'X'.&nbsp; When I do this and look at the role in PFCG and in table AGR_1251, it appears to have worked.&nbsp; When someone logs into the system with that role, executes SE16, they should not be able to select any table to display.&nbsp; However, even though the Authorizations are Inactive, they can still display table contents.</P><P>Can someone please help me out with how to achieve my goal?</P> Thu, 11 Sep 2025 12:55:17 GMT https://community.sap.com/t5/application-development-and-automation-discussions/pfcg-authorization-profiles/m-p/14205156#M2042413 dan_spitzig 2025-09-11T12:55:17Z