Register Login
Python Photoshop SAP Java PHP Android C++ Hadoop Oracle Interview Questions Articles Other

Creating a role using Menu Tab or Template PFCG

Updated May 19, 2018

I was told  that when creating a new role, one should avoid using the menu tab and add transactions.

I should use a template role and add the transactions and objects thru the Authorisations tab.

Is this true ?

If I want to create a role from scratch, the menu tab option seems to me the obvious way.

Thanks in advance.

 

Comments

  • 11 Aug 2010 4:55 pm David Best Answer
    Hi

    When they told you to manually maintain S_TCODE were they laughing?

    Adding via S_TCODE means you have to first import a second S_TCODE object (you'll see that the original one is not modifiable..)

    If you do carry on and add manually then, as stated, you won't pick up the SU24 objects so you will probably receive auth errors during UAT. That means the next step is to manually add the object/values to clear the SU53/ST01 reports. If you ever maintain that role in the future and say take out one of the manually added tcodes all of the manually added objects remain. Doing it correctly via SU24/PFCG menu keeps things clearer.

    For the composite role menu update after changing the menu in its singles you've gone too far in maintaining the composite role unfortunately - forget eCATT/LSMW options as it's just ongoing maintenance.

    Try creating a brand new composite and insert all of the singles from the original composite in DEV but don't go anywhere near the menu update button in the composite - just press save and exit.

    Add the new composite (which has no menu) to a test usr in DEV and log on as the test user, change your settings to display first level and you will see the singles and their menus. Doing it this way means no more composite role menu updates.
  • 11 Sep 2009 12:30 pm Guest Helpful Answer
    It depends, if you would like to ensure that the objects which will be checked by the transaction are added automatically I would recommend to use the Menutab (Profilegenarator functionality).
    In case you put the transaction directy into the S_TCODE Object you might face some errors. Of course you can check via SU24 which objects are linked to your transaction but it might take time.
    Just use the PFCG menu function as your secretary and you will get quicker to a working role.

    regards,
    Marko
  • 17 Sep 2009 6:30 pm Guest Helpful Answer
    The added advantage is that most of the reports used in SUIM will only check for transactions added via the menu tab. For example, if you create a role that has S_TCODE auths added manually via AUTHORIZATIONS tab, when you look for roles and/or users w/the transaction(s) via SUIM, it will not report anything other than what is added via the MENU tab.
  • 15 Jul 2010 6:43 pm Guest
    Good afternoon.

    I would like to know if there is any way to "MASS READ MENU" in transaction pfcg (or using any other).
    When I modify a Single Rol, then I have to adjust the Composite one by clicking the button "READ MENU". I have so many Composite to adjust that I would be really greatfull if someone of you knows a way to do it massively!!

    Tks!
  • 06 Aug 2010 12:36 pm Guest
    Re: Mass Read Role Menu - create an eCATT to do this. It's still some manual steps but speeds up the process
    Re: Creating a role - whoever told you that obviously does not know the first thing about security. I would love to know who it was so I can follow them and make lots fo money fixing the junk that they implemented.
    Marco is spot on - use PFCG and use the role menu. Configure SU24 properly and you will have a clean and easily maintainable implementation that will survive you.
Recommended Posts:
×