Create order through role-based permissions
Authorizations in SAP BW, HANA and BW/4HANA
In the transaction SU01, enter a non-existent user ID and click the Create button (F8). The BAdI BADI_IDENTITY_SU01_CREATE is called with the new user ID. Implementation in the BAdI is running. For example, here you can read additional attributes to the new user from an external data source. The data collected within the BAdIs is written into the fields of the transaction SU01. This will show you the new user master set with the pre-filled fields. You can edit the user master record, such as assign roles, or change the pre-populated fields.
If you manage your SAP system landscape via the Central User Administration (ZBV), you must insert SAP Note 1663177 into both the ZBV system and all attached subsidiary systems. In this case, also note that the default user group will be assigned in the daughter systems if no user group has been distributed during the user's installation from the ZBV. In addition, you will receive an error message in the SCUL transaction stating that a user group must be assigned to the user (via the ZBV headquarters). This behaviour is independent of the settings of the distribution parameters for the user group in the SCUM transaction. If you have set the distribution parameters for the user group to Global or Redistribution, the appropriate subsidiary system will reject the changes made to users that do not have a user group in the Central System, and you will receive an error message in the SCUL transaction.
Basic administration
No external services can be added manually in transaction SU24. To do this, you must turn on a permission trace that takes over. You can enable the permission trace using the auth/authorisation_trace dynamic profile parameter. You can enable this parameter by using the transaction RZ11 (Profile Parameter Maintenance) by entering the value Y as a new value and selecting the Switch to All Servers setting.
Once a permission concept has been created, the implementation in the system begins. On the market, there are solutions that create PFCG rolls based on Microsoft Excel in the blink of an eye. You should, however, take a few things into account. Have you defined your roles in the form of role matrices and your organisational levels (orgés) in the form of organisational sets (orgsets)? All of this is stored in Excel documents and now you want a way to simply pour this information into PFCG rolls at the push of a button, without having to create lengthy role menus or then derive large amounts of roles, depending on how many organisational sets you have defined?
Assigning a role for a limited period of time is done in seconds with "Shortcut for SAP systems" and allows you to quickly continue your go-live.
This function can also be used for customer-specific developments.
The Excel file must not be lost or damaged.