Introduction to Procedure for Creating Activity Groups

The following information describes the standard procedure for creating simple activity groups. It covers processing of an activity group with the option Basic maintenance in transaction PFCG.

Step 1

• Create the activity group.

Step 2

• In the Description field, enter a description of the function the activity group is to perform.

Step 3

• On the Menu tab, assign transactions to the activity group.
• You can either enter the transactions directly.
• Alternatively, you can use the Menu selection key to assign menu options from the company menu (provided that this menu has already been generated in the current release).
• The activities selected from this menu are displayed in the session manager for all users assigned to the activity group as a user menu.

Step 4

• On the Authorizations tab, choose Change authorization data
• Depending on which transactions you selected, a dialog box may appear on which you are requested to maintain the Org. levels. These organizational levels are authorization fields that appear simultaneously in many authorizations and which can be maintained together this way. An example here is the company code, which appears in many authorization objects. By assigning values to the organizational levels, you are also maintaining the corresponding authorization fields for all authorizations in the overview tree that follows.
• The system displays an overview tree of all authorizations that SAP suggests for the transactions selected. Some of these authorizations already contain values.
• For those authorizations where an amber traffic light is displayed, authorization values must be manually entered. You enter these values by clicking on the white line to the right of the authorization field. Once you have maintained the values, the authorizations are classed as manually modified and are not overwritten if you include more transactions and reprocess authorizations. By clicking on the traffic lights, you can assign the full authorization for all non-maintained fields for the hierarchy level in question.
• A red traffic light indicates that organizational levels exist that do not yet contain any values. You can enter/change these values by choosing Org. levels.
• If you require further functions in the overview tree like copying or combining authorizations, you can display additional functions by choosing Utilities -> Settings.
• Generate an authorization profile for the authorizations. To do so, choose Authorizations -> Generate.
• The system now asks you to enter a name for the authorization profile that now arises and defaults a name that exists in the customer name range.
• Once the profile has been generated, exit the overview tree.
• If you make changes to the menu selections and then call up the overview tree for the authorizations, the system tries to add the authorizations for the new transactions to the existing authorizations. In so doing, traffic lights can be changed back to amber becauseauthorizations that are not fully defined appear once more in the overview tree. You then need to enter values manually for these authorizations or to delete them if they are not required.
• To delete an authorization you must first deactivate it.
• General authorizations like spool display and printing are not generally defined for the transactions. For this reason, authorization templates exist that you can add to the existing data. To do so, from the menu choose Edit -> Insert auth. -> From template... and choose one of the templates from (for example SAP_USER_B Basic authorization for application users or (for example SAP_PRINT Print authorization). Alternatively, you can also create a separate activity group for these general authorizations, simplifying handling.

Step 5

• On the User tab, assign users to the activity group.
• For the users assigned, the menu items belonging to the activity group are displayed in the session manager as a user menu.
• In addition, the generated authorization profiles are automatically
• entered in the user master record when you carry out the User master comparison. To do so, choose User compare on the User tab and then choose the option Cpmplete compare.
• If you do not narrow down the selections by specifying a particular period, but instead use the period defaulted by the system (current date to 12/31/9999) no further action is necessary. If you specify a particular period, then you need to ensure the report program PFCG_TIME_DEPENDENCY is scheduled periodically every day. This report automatically updates the user master records. You also need to schedule this report if using Organizational Management (no further details on this are entered into here).
• It is extremely important that you never enter generated authorization profiles directly in the user master records (as is the case for manually created authorization profiles). You can only link generated profiles to users by assigning the users to the corresponding activity group and then running a compare on the user master data. When the system runs the compare, it enters the profiles of the activity group for all users belonging to the activity group.

Step 6

• If you want to transport the activity group into another system, you now need to enter the activity group in a transport request.
• To do so, choose Activity group -> Transport.. You can now specify whether the user assignment should also be transported.
• The authorization profiles are also transported (unless you specified that you do not want them to be transported).
• Following the import in the target system, you then need to carry out a full user master compare for the imported activity groups. You can either start this comparison yourself or it can be carried out automatically by report program PFCG_TIME_DEPENDENCY (assuming this report is scheduled to run periodically in the target system).

Detail information

See also the general documentation on the Profile Generator in the SAP Library. Choose:
Basis Components -> Computing Center Management System -> Users and Roles or in the Implementation Guide (IMG), choose: Basis Components -> System Administration -> Users and Authorizations -> Maintain Authorizations and Profiles using Profile Generator.