Get started Bring yourself up to speed with our introductory content.

9. How can you make changes to an SAP role for authorization?

Learn the response to the ninth question in's exclusive security quiz. Read the answer and more detailed information on authorizations.


Once you have verified that a role is missing an authorization, how can you check the role to validate and update the current actions that are allowed?

a) Use the role mapper utilities to see if a user is part of the correct group.
b) In transaction su01, add sap_new profile to the user ID and have them log out and log back in.
c) Use transaction PFCG to check the role to be added or altered for that user ID and turn on technical names to view detailed data on the authorization object.
d) You must create a new role for that user so they can access the desired data.


As in the previous question, proper initial security planning is the key to maintaining your system. PFCG will allow you to make changes to the role. Technical names on will show you the specific role and enable you to use the SAP search icon (binoculars). It is extremely important that you do not use this ability to over authorize an existing role, as that will allow others to gain unwanted access.

Return to the answer page
Return to the quiz

Dig Deeper on SAP security