User exits in the transaction PFCG

There aren’t any classic user exits or BAdI’s for transaction PFCG (role maintenance and profile generator), but there is a special feature, which can be interesting for you as it allows something simmilar. You can activate some “special user exits” for transaction PFCG and SU01.

Update: as of SAP Basis Release 7.31 there are new user exits (BAdI’s) after change of user available (manually with transaction SU01 or through IDoc).

Consider following notes in OSS:

  • 1750161 – User management: Saving additional information
  • 1796501 – User management: Executing additional checks
Here the names of new BAdI’s, have a look using transaction SE18:
  • BADI_IDENTITY_CHECK – Check Identity
  • BADI_IDENTITY_F4_AUTH_CHECK – BAdI for Authorization Checks in F4 Help Results
  • BADI_IDENTITY_SU01_CREATE – SU01: Exit for creating a user
  • BADI_IDENTITY_UPDATE – Update Identity

If you would like to test it, create a function which stops the processing in debugger.
See the example below (don’t forget to set the appropriate ‘your_user_id’ in the break statement):

FUNCTION zpfcg_exit.
*"----------------------------------------------------------------------
*"*"Local interface:
*"  IMPORTING
*"     VALUE(MAINTAIN) LIKE  SY-DATAR OPTIONAL
*"  EXCEPTIONS
*"      DIALOG_CANCELLED
*"----------------------------------------------------------------------

* Possible values for MAINTAIN parameter:
* 'S' - Display mode
* 'N' - Delete and recreate
* 'D' - Edit old status
* 'M' - Read old and merge
* 'X' - Generate

*  IF maintain <> 'S'.
*    MESSAGE e999(b1) WITH 'You have no authority' '' '' ''.
*    RAISE dialog_cancelled.
*  ENDIF.

  break your_user_id.

ENDFUNCTION.

Assign the function to all possible exits in customizing table of Session Manager (table SSM_CUST). You can find the possible key values in table SSM_CID or use the list below.

  • Z_AFTER_PROF_GEN
  • Z_BEFORE_BATCH_GEN
  • Z_BEFORE_PROF_GEN
  • Z_EXIT_AGR_DELETE
  • Z_EXIT_AGR_TRANSP
  • Z_EXIT_USERS_SAVE
  • Z_EXIT_USER_COPY
  • Z_EXIT_USER_DELETE
  • Z_FULL_USERPROF
  • Z_SAVE_AUTH_DATA
  • Z_SINGLE_USERPROF
  • Z_USERS_TRANSFER
Use transaction PFCG and check, when the exits are called.

I have the best experience with Z_BEFORE_PROF_GEN, it stops the program here (buttons are marked with red squares):

and Z_SAVE_AUTH_DATA stops here:

See other related notes on my website:

Scroll to Top