Agents Administration - Tests
 

Creating a New User Role for Monitoring and Assigning it to a SAP User

To create a new user role on the SAP ABAP instance, follow the procedure below:

  1. Log in to the SAP ABAP instance as an SAP administrator.

  2. Launch the SAP Easy Access console and execute the transaction code PFCG.

  3. The Role Maintenance page will then appear. Create a new role by entering a unique role name in the Role field of this page. To create a single role with the given name, click on Single Role.

  4. In the Authorizations tab page, propose a profile name and click on the icon near the Profile Name text box in the Information About Authorization Profile section.

  5. The page that appears next will display the proposed profile name. Accept the proposed name and then click on the Change Authorization Data icon to change the authorization data.

  6. To change the authorization data manually, click on the Manually button in the Change Role: Authorizations page.

  7. In the next page that appears, manually specify every authorization object - i.e., privilege - that you want to add to the new role.

  8. For the purpose of monitoring, the following authorization objects will have to be added to the new role:

    | Auth. Object | Description | When do you need it? |
    |---|---|---|
    | S_RFC | Authorization check for RFC access | Authorization check when using RFC to access program modules. |
    | S_TABU_DIS | Table maintenance | Used to check the authorization for displaying and maintaining table contents. |
    | S_XMI_PROD | Auth. for external management interfaces (XMI) | This authorization object is used to define which SAP ABAP user, acting on behalf of which external tool, may use which XMI interface. |
    | S_TOOLS_EX | Tools Performance Monitor | Tools Performance Monitor gives access to special functions. (Authorization to display external statistics records in monitoring tools) |
    | S_RZL_ADM | System Administration | Is responsible for SAP ABAP System administration using the CCMS. |

  9. Once the authorization objects are specified, click the first icon in the right corner of the window to save the specification.

  10. Then, click on the icon to generate the objects. With that, the new role is generated.

  11. Now, proceed to assign the new role to an existing SAP user. For this, type SU01 as the transaction code in the text box.

  12. In the User maintenance: Initial Screen that appears, click on the icon next to the User text box to select the SAP user to whom you want to assign the new role.

  13. Once that user's profile opens, click the Roles tab page.

  14. When the Roles tab page appears, first, click on the Role column in the first row of the Role Assignments table therein. Click on the button that appears in the first row to select the new role. This will automatically populate the first row of the Role Assignments table with the details of the new role, thus indicating that the new role has been assigned to the SAP user.

  15. Finally, save the user specification.
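
A way to check the result of this procedure, as an added example that is not part of the original documentation: the script compares a role's authorization objects with the five listed in step 8 and reports missing objects, unexpected objects and fields set to `*`. The export layout (tab-separated columns named after table AGR_1251), the role names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# The five authorization objects step 8 adds to the monitoring role.
REQUIRED_OBJECTS = {"S_RFC", "S_TABU_DIS", "S_XMI_PROD", "S_TOOLS_EX", "S_RZL_ADM"}

# Constructed sample export (assumed layout: AGR_NAME, OBJECT, FIELD, LOW).
# Role names and values are made up for this example.
SAMPLE_ROWS = [
    ("AGR_NAME", "OBJECT", "FIELD", "LOW"),
    ("Z_MONITOR", "S_RFC", "ACTVT", "16"),
    ("Z_MONITOR", "S_RFC", "RFC_NAME", "*"),
    ("Z_MONITOR", "S_TABU_DIS", "ACTVT", "03"),
    ("Z_MONITOR", "S_TABU_DIS", "DICBERCLS", "*"),
    ("Z_MONITOR", "S_XMI_PROD", "INTERFACE", "XAL"),
    ("Z_MONITOR", "S_RZL_ADM", "ACTVT", "03"),
    ("Z_MONITOR", "S_USER_GRP", "ACTVT", "02"),   # not in the step 8 list
    ("Z_OTHER", "S_TOOLS_EX", "AUTH", "S_TOOLS_EX_A"),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def audit_role(export_text, role):
    """Compare one role's authorization objects with the monitoring list.

    Returns a dict with:
      missing    - required objects the role lacks (monitoring may fail)
      unexpected - objects beyond the five required (privilege creep)
      wildcards  - (object, field) pairs whose value is '*'
    """
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t")
    rows = [r for r in reader if r["AGR_NAME"].strip() == role]
    present = {r["OBJECT"].strip() for r in rows}
    wildcards = sorted(
        (r["OBJECT"].strip(), r["FIELD"].strip())
        for r in rows
        if r["LOW"].strip() == "*"
    )
    return {
        "missing": sorted(REQUIRED_OBJECTS - present),
        "unexpected": sorted(present - REQUIRED_OBJECTS),
        "wildcards": wildcards,
    }


if __name__ == "__main__":
    for finding, items in audit_role(SAMPLE_EXPORT, "Z_MONITOR").items():
        print(f"{finding}: {items}")
```

Run it after step 10 and again after later role changes, so that objects added to the monitoring role outside this procedure are noticed.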