November 22, 2012



1) Under description; in creating a role what should be written over there ....what does your company follows ?
Description of role defines the role related activity in short. Just seeing the description of the role, one can easily know the role details, like
Role belongs to which SAP module (MM/PP/FICO)
The Company code/Org level values
Restricted values can also be mentioned there
Activity performed after assigning that particular role.

2) What is the correct procedure for Mass Generation of Roles ?
1)Tcode SPUC is for mass generation of roles. Or you can use scripts
2)Program SAPPROFC_NEW inserted roles to be generated and execute.
3)PFCG > Utilities > Mass Generation

3) Can we assign generated profiles to users directly ?
No, we can't assign a generated profile to user directly; we have to as the role associated with that particular profile
The best practice is not to assign profile to a user master record. But then we can assign...
 Check it for example, assign sap_all to a user master record and can actually work.
So, yes a profile can be assigned to user and can work.

4) How many maximum profiles we can assign to one user ?
apprx 312

5) In which way we can assign single role to many users (more than 5000 users) ?
Go to Su10
Click on authorization data
Click on multiple selection button beside user input field a pop up will appear-->click on green import from text file
Give the destination of the excel sheet where you have already kept 5000 users
Execute-->execute-->select all -->transfer this will bring all 5000 users in su10
Now change--> role tab--> assign the single role-->save

6) I want to see list of roles assigned to 10 different users. How do you do it ?
1.Go to SE16 Transaction
2.Type agr_users and go to next screen the user’s field I have the list of user ids
GO to suim -->ROLES-->By user assignment
Click multiple selection
Select user’s ans execute
Now you get a list roles assign to selected users

7) What is the advantage of CUA from a layman/manager point of view ?
CUA - Central User Administration
Advantage of CUA is to lessen the time by creating users in one single system, and distribute it to the respective systems (where the user  id is requested)Helps in avoiding logging to each individual systems. Layman point of view we don’t have any advantage, But SAP security admin point it takes lesser time for user Admin.

8) how do we create firefigter Id in VIRSAs VRAT ?
First create service user and mapp this user in /n/virsa/vFat

9) What is the procedure to delete a role ?
First add the role that need to be deleted in a Transport.
Then delete it. If there is no transport already, then create one for it and then add the role marked for deletion to it and then only we have to delete the role.
If the role is deleted without adding it to a transport then we will not be able to delete the same role in other  systems like Acceptance / Quality / Production in CUA Environment.

10) What is the main difference between role and profile ?
Roles are the set of authorizations.
Profiles are sub component of roles.
We can assign role to user but not profile.

Roles are collection of different transactions, reports/web links where its profile is nothing but set of authorizations which defines the behavior of transactions listed in Role Menu. And another difference could be we canassign roles to user using PFCG but we cannot assign manually created or generated profile directly to users using PFCG.