EN | DE

Startseite / BASIS / PFCG

PFCG: Role Maintenance

BASIS - SAP Basis

Wann verwenden

Create and assign authorization roles

Typischer Anfängerfehler

Missing org level values in role

Business context

Goal: secure and least-privilege system access.

Typical stakeholders: security admin, basis consultant, process owner.

KPIs to watch: critical auth findings, access request lead time, segregation-of-duties conflicts.

Practical example

Team requests one 'power role' for speed, but it includes purchasing, payments, and admin authorizations.

Consultant note: Split by business process and risk level. Use display roles plus narrowly scoped create/change roles.

Case walkthrough: issue to resolution

Problem: One role combines conflicting purchasing and payment privileges.

Diagnosis: Analyze auth objects and org-level values; run SoD checks against control matrix.

Resolution: Split role by process boundaries (display/post/release), restrict org levels, and retest business tasks.

Vor Ausführung prüfen

Verwandte T-Codes