Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SU22 authorization object maintain and PFCG role

phoenixming0912
Product and Topic Expert
Product and Topic Expert
0 Kudos
1,127

Hi experts,

If you add a transaction in pfcg role, you will get an authorization object list which was from SU22 transaction.

I am wondering which value should be maintained in pfcg role authorization and which should be done in SU22.

As far as I understand, SU22 is a template and pfcg role is a customizing.

I have checked some existing ones, some authorization objects in SU22 were set status with "Check with no values", I think the authorization should be maintained in pfcg role. And some other objects have locked fields, saying they are maintained in org level, I don't quite understand about this.

Can someone explain these for me? Thank you.

Regards,
Eric

6 REPLIES 6

Sandra_Rossi
Active Contributor
0 Kudos
993

As you can see in the official documentation and in the forum, SU22 is to indicate the authorizations used in any transaction code, which must correspond to what has been done by the developer in that transaction code (whatever it's standard or custom), to help maintaining the authorizations.

As you can see in the official documentation and in the forum, organization level is about the values which are common to many authorizations, like the company code a role is assigned to, etc.

You "don't quite understand about this." No need to repeat what is said in the official documentation and in the forum, what do you understand and what is your question?

phoenixming0912
Product and Topic Expert
Product and Topic Expert
0 Kudos
993

Thank you for the reply. Regarding SU22, in PFCG role you can add a transaction and maintain the authorization, what I am asking for is the difference between authorization objects that maintained in SU22 and PFCG role.

Sandra_Rossi
Active Contributor
0 Kudos
993

What you maintain in SU22 = authorizations proposed by default in PFCG when you add a transaction code.

Just try it = fast learning.

phoenixming0912
Product and Topic Expert
Product and Topic Expert
0 Kudos
993

I have tried technically, but I am not clear about what kind of data should be maintained by default (in SU22) and what should be maintained in PFCG role? Could you give an example?

Sandra_Rossi
Active Contributor
0 Kudos
993

If you create the transaction code ZTRAN, and in the corresponding program you always do AUTHORITY-CHECK OBJECT 'ZSUSO' ID 'ACTVT' FIELD '01', then you should define in SU22 that ZTRAN has ZSUSO with ACTVT = '01'. You then go to PFCG, create or maintain an existing role, add ZTRAN, you then maintain the authorizations of the role and you'll see that it has proposed ZSUSO with ACTVT = '01'.

raymond_giuseppi
Active Contributor
0 Kudos
993

Read first some documentation such as From the Programmed Authorization Check to a Role

Basically the developer provides the administrator the informations required to add the transaction to a role with some default values.