Once you have verified that a role is missing an authorization, how can you check the role to validate and update the current actions that are allowed?
a) Use the role mapper utilities to see if a user is part of the correct group.
b) In transaction su01, add sap_new profile to the user ID and have them log out and log back in.
c) Use transaction PFCG to check the role to be added or altered for that user ID and turn on technical names to view detailed data on the authorization object.
d) You must create a new role for that user so they can access the desired data.
As in the previous question, proper initial security planning is the key to maintaining your system. PFCG will allow you to make changes to the role. Technical names on will show you the specific role and enable you to use the SAP search icon (binoculars). It is extremely important that you do not use this ability to over authorize an existing role, as that will allow others to gain unwanted access.