In my current assignment we had a requirement to covert a PFCG authorization field to an organization level. There are lots of blogs and information are available and we have tried those information and methods to achieve the expected results. But those methods have been changed and hence I think I should share latest information about those method to help our SAP Security Community.
Conversion of Field to Org Level
Available Method: To convert field to org. level you need to run PFCG_ORGFIELD_CREATE. This program actually does the conversion.
Issue#1: When we are trying to run this program, we got an error mentioning that this program is obsolete.
Details: Whoever is in below SP level, PFCG_ORGFIELD_* programs are obsolete
SAP NetWeaver 7.5 SP 09 (SAPK-75009INSAPBASIS)
SAP NetWeaver 7.51 SP 03 (SAPK-75103INSAPBASIS)
SAP NetWeaver 7.52 SP 01 (SAPK-75201INSAPBASIS)
Resolution: SAP has delivered new transaction SUPO to run this program (See note 2625102)
Issue#2: As per note 2625102, we tried to run SUPO in the ECC system. But this transaction was taking long time and ended with runtime error.
Resolution: There are multiple notes available for SUPO performance issue (2650101/2691387). However in our case 2691387 has resolved the issue. We have not applied any other note. Hence, I would recommend you to go through both notes and apply accordingly. Please work with your ABAP team to implement the note.
Actual Method (We followed): Below are steps we followed for the conversion.
Step#1: Run transaction (SUPO_SEL) and you will get below screen.
Step#2: You need NOT to input anything in this screen and click on the execution button. You will get a screen without any values.
Step#3: In the input section (where you provide the t-codes) type =CREA_OLVL and hit enter. You will get below screen where you need to input your field name.
Step#4: After you provide the field name, press enter. The other inputs like org.level, Short Text will be filled up automatically. You will get the transport request pop up when you press the save button.
Step#5: Give your TR details and save it. It may take several minutes, and you may get timed out error. But don’t worry it will do the job. Please check the TR content.
How to check if org level created successfully? Check if your new org level has entries in below tables: