When setting up testing for users before delivering a solution, we always validate security roles. We often find that roles in quality and training environments can get out of sync with roles in production. The leading practice is, of course, to ensure that roles are created in a development environment and transported to forward environments. We find that this is not always the case. Many times, for example, security does not remember, or have time, to make all the same changes to the other instances or clients. In those cases, we’ll show you how to copy a role from one instance to another to ensure that your testing reflects the security used in the productive environment.
Of course, we assume that you have the rights and authority to do the following:
- Access transaction PFCG in your source client.
- Enter the name of your role and press ENTER to verify it.
- From the Role menu, access the download option.
- Acknowledge the messages and select a file name and location.
- Access transaction PFCG in the destination client.
- From the Role menu, access the upload option.
- Acknowledge the messages and select the file created in Step 4 above.
- Access the newly copied rule. You can ensure it has been updated by looking at the Create and Change dates on the Description tab. They will reflect the current user upload date and time, not the actual role creation in the source client.
It can be that authorizations are not generated, so look for the yellow icon. If so, regenerate the authorization object before using it.
If changed, authorizations do not take effect until the users who have the roles assigned are logged in and out.
Advanced Solutions is a leading provider of third party SAP support, our experts provide Application Management services , post implementation support and are considered experts in their respective practice areas of SAP.