Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Track Overwrite Authorization Object in Derived Role - Derived from Master Role

ashrafmansorpwc
Explorer
0 Kudos
318

Hi,

How do I check/recover the overwrite authorization object value in my derived role?

For example, an authorization object is manually added in specific company code. Once I derived from the master role, it will overwrite/follow exactly whatever authorization object in the master role.

Been looking ways to check it but couldn't find specific solution.

Help needed, cheers!

1 REPLY 1

olgavlachova
Explorer
0 Kudos
38

Hello, sorry for late reply, I have found your question by accident today.

As involved in SAP Authorizations for 20 years I can recommend to use SU24 instead of any manually addition of auth object.

Otherwise can easily happen that values of this not inherited authorization are overwritten. If values would be at first filled in SU24, any new value for the same auth object will be added as extension to existing ones.

In this case I recommend to fill SU24 values for all t-codes existing in your role, then run Expert Mode in master role change in PFCG and choose the last choice "Read old status and merge with new data". Auth profile will be filled by auth objects and values as defined in SU24. Generate profile of master role and then spread it to derived role/s.

SU24 is great tool to save time and ensure the t-code functionality, you need to fill values required for working t-code (STAUTHTRACE is good friend to get them) now and it will cover expected functionality in all roles t-code will be added in the future. 

And yes, you will have to take care and run SU25 after patch/es but the benefit of SU24 is incomparable higher especially if more workers in SAP Authorizations team.

Have a nice day.