Authorization Concept & Roles (PFCG)

What is an authorization, and what does it mean that the SAP model is positive?

What is a composite role, and what can't you do with its authorizations?

How do transported roles reach production, and what two steps must happen before users get the new authorizations?

What two authorization checks happen when a transaction is called?

How are authorizations bundled, and how are profiles created in the modern model?

Which background job keeps role assignments current, and why schedule it?

What are the two steps of maintaining a customer role in PFCG, and what do the traffic lights mean?

Why should you copy SAP standard roles before changing them?

Why does SAP recommend splitting the system-administrator and authorization-administrator roles?

What does the ACTVT field do, and what do common values like 01, 02, 03, 06 mean?

Where can a role be assigned, and what makes the generated profile actually take effect?

What does a PFCG role contain, and what parameter must be active for its authorization profile to be generated?

What are the key administrative authorization profiles SAP_ALL, SAP_NEW, and S_A.*?

Which dedicated administrative roles should replace using SAP* with SAP_ALL?

In SAP S/4HANA with Fiori, how is a business role related to the classic PFCG role?

What is an authorization object, and where are object classes shown?

What do you run after an upgrade to align authorizations, and what is SAP_NEW used for?

Which transactions help diagnose a missing authorization after a failed action?