To help you avoid struggling with missing organizational level configurations in your next authorization rollout project, Sascha Heckmann has a practical tip on how to prevent the loss of these configurations in your authorization roles.

SAP is one of the world’s largest providers of business software, and its products are constantly evolving. As a result, it’s no surprise that new versions and fixes can lead to problems with existing components in isolated cases. SAP Note 2333270 (“Automatic Update of Texts for Generated Authorizations”) from April 2017 offers one such example.

When you install this SAP Note, you will lose the authorization roles up- or downloaded to a system when performing mass generation of organizational level profiles using SUPC/PFCGMASSVAL. The same applies to the creation of authorization roles with various tools, but not to profile generation using transaction PFCG.

SAP recognized the issue and responded with SAP Note 2460803 (“SUPC/PFCGMASSVAL: Loss of Organizational Level Values”, version 1) from April 2017.

In our experience, the components affected (SUPC and PFCGMASSVAL, along with the underlying modules) work as they should again after installing this note.

Sascha Heckmann
Authorization Consultant at AKQUINET

Are you interested in more tips and tricks in the field of SAP Security & Compliance? Then we invite you to browse through our category “Practical Tips” or follow this blog and don’t miss any more news. Furthermore we invite you to have a look at our SAST SOLUTIONS Website.