Concept for in-house developments
Analyze user buffer SU56
The case that the user buffer is not up to date is very rare. The auth/new_buffering profile parameter sets the value 4 to immediately update the permissions, i.e. changes to the user root or roles or profiles, and write them to the USRBF2 database table without requiring a new login. This value is set by default. The fact that the buffer is not up-to-date is recognised by the fact that existing permissions that are not in the buffer are marked in the transaction SU56 with the note "In the root data but not in the user buffer".
In order to transport this table entry, you must go to the object list of the transport order in transaction SE09 and manually create an entry there with object key R3TR TABU KBEROBJ. Double-click on the key list, and you will be taken to the care image where you have to create an entry with *. This will transport all entries in the KBEROBJ table starting with a space. You must then move the RESPAREA field to the organisational level. Please follow the instructions in our Tip 49, "Add New Organisation Levels". If you use more than one Cost Centre or Profit Centre hierarchy with inheritance logic for the permissions, you must set this in the Customising cost accounting circles through the transaction OKKP. There you can decide in the year independent basic data which hierarchies you want to use. In the basic data for the year, you then define which hierarchies should be used per fiscal year. You can use up to three hierarchies for entitlement award for cost centres and profit centres.
Roles and permissions in SAP SuccessFactors often grow organically and become confusing
Now switch to User Care and you will find that this PFCG role is not yet assigned to your user. To do this, you must first perform the user master synchronisation. You can perform this manually via the transaction PFUD or schedule it as a job. The background job PFCG_TIME_DEPENDENCY or the report RHAUTUPD_NEW is intended for this.
"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.
At "www.sap-corner.de" you will also find a lot of useful information on the subject of SAP authorizations.
In the USR_CUST table, set CHECK_MOVE_4_CNG_GRP to YES.