PFCG T-code in SAP Security | GRC Security | Role creation in SAP | Careermod

Create Role and Profile for New user Using PFCG

Let's discuss roles and profiles.

What is a Role?

A role is assigned to a user. It is used to choose T-codes or menus, and it creates the authorization profile. Suppose Role A has authorization for t-code MM01 and the role is assigned to user ABC. This means the user is able to use t-code MM01.

What is a Profile?

A profile is the element in the authorization system. It allows a user to access the system.

For an authorization check, the system checks the particular profile assigned to the user for the proper authorization.

Create Role T-code = PFCG


This is the initial screen of Role maintenance.
If you have an old role and want to copy it as a new role, you can choose the option “Copy as…”. Enter the old role in the Role field, then press Copy as.

Give the new name in the Role field and press “Copy all”; your new role will be copied. Then you can change the role as you wish.
If you want to create a new one, just enter the name in the Role field and then press “Single Role”.

The initial creation screen for the particular role will appear. We have to maintain the Menu, Authorization and User tabs (if you want to maintain workflow, you can maintain that too). Click on the Menu tab.

In this tab we enter the t-codes for which we want to give authorization to a user. There are many options for inserting t-codes. The Transaction option is used to enter a single t-code.

Suppose you want to give authorization for MM01 only; then click on Transaction and enter the t-code MM01.


The From SAP Menu option is used to enter a whole menu area. Suppose you want to give authorization for all Inventory Management t-codes; then click From SAP Menu and select the Inventory Management option.


Let's give authorization for all Inventory Management options. This means the user can do everything that is under the Inventory Management tab in the main menu.


As we can see, the Menu tab's colour is green. It means we have successfully assigned the t-codes to this particular user. Save your settings. Now go to the Authorization tab.
Here you have to use a profile name for this role. You can use any profile name you wish, or you can click the Propose profile name option. If you click the option, the system will propose a 10 digit profile name and profile text (you can change the profile text). You can continue with the system-proposed profile name or give your own.
I use the system-proposed profile name. I have clicked on the option, and the system proposed a profile name to me.


Save your data. It will take all the standard fields that are needed for inventory management. Then you have to generate the profile. Select the last option, “Expert Mode for Profile Generation”.

You have to give the authorization values for the data required for inventory management. Suppose you give company code X in this field; then the user will only be able to make an entry for company code X. The same applies to all the fields shown in the above figure. After completing all the fields, press save/enter.



We can see there is no red colour on any field. Now press in the screen.
You can see a message; press generate. You can see a success message. Now press back and go back to the initial screen. You can see that the Authorization tab has also turned green. That means this tab is successfully completed.

Now press the User tab.
Here just enter, in the field “User ID”, the user ID to whom you want to give the authorization. You can restrict the role and profile with a validity period. By default it runs from the current date to 31.12.9999.


Now log in with the new user.
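
An added example (not part of the original post and not SAP's own tooling): a Python review of role data that checks the two restrictions set in the steps above, the company code field value and the validity period, and shows that a user's access is the union of all currently valid roles. The CSV layout, the role names Z_INV_MGMT and Z_INV_ALL, the user TEMP01 and every row are constructed assumptions for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not from the page); the column layout is an assumption
# modelled on role authorization values and role-to-user assignments.
ROLE_VALUES = """AGR_NAME,OBJECT,FIELD,LOW
Z_INV_MGMT,S_TCODE,TCD,MM01
Z_INV_MGMT,M_MATE_BUK,BUKRS,X
Z_INV_ALL,S_TCODE,TCD,MM01
Z_INV_ALL,M_MATE_BUK,BUKRS,*
"""
ROLE_USERS = """AGR_NAME,UNAME,FROM_DAT,TO_DAT
Z_INV_MGMT,ABC,20240101,99991231
Z_INV_MGMT,TEMP01,20240101,20240630
Z_INV_ALL,ABC,20240101,20241231
"""
OPEN_ENDED = date(9999, 12, 31)  # the default end date mentioned on the page


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def _day(yyyymmdd):
    return date(int(yyyymmdd[:4]), int(yyyymmdd[4:6]), int(yyyymmdd[6:]))


def wildcard_fields(values=ROLE_VALUES):
    """Role fields left as '*' instead of a specific value such as company code X."""
    return sorted((r["AGR_NAME"], r["OBJECT"], r["FIELD"])
                  for r in _rows(values) if r["LOW"].strip() == "*")


def open_ended_assignments(users=ROLE_USERS):
    """Assignments that kept the default end date and therefore never expire."""
    return sorted((r["UNAME"], r["AGR_NAME"])
                  for r in _rows(users) if _day(r["TO_DAT"]) == OPEN_ENDED)


def effective_values(user, obj, field, today, values=ROLE_VALUES, users=ROLE_USERS):
    """Union of field values over the user's currently valid roles (access is additive)."""
    active = {r["AGR_NAME"] for r in _rows(users)
              if r["UNAME"] == user and _day(r["FROM_DAT"]) <= today <= _day(r["TO_DAT"])}
    return {r["LOW"] for r in _rows(values)
            if r["AGR_NAME"] in active and r["OBJECT"] == obj and r["FIELD"] == field}


if __name__ == "__main__":
    print(wildcard_fields())
    print(open_ended_assignments())
    print(effective_values("ABC", "M_MATE_BUK", "BUKRS", date(2024, 3, 1)))
```

While both roles are valid, user ABC holds company code X and the wildcard together, so the restriction to X in one role does not limit what the second role grants.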






