SAP role admins tips: Leverage OK-code commands

Have you ever wondered why clicking on a role assignment in SU01 opens PFCG, albeit in a new session?But why you cannot do the same in PFCG to navigate to a user? Or maybe you would like to navigate from PFCG to SU24 to correct a proposal and then go back to the role without having to deal with multiple sessions. In this article I’ll show you how you can do all that with ease!

Leveraging OK-code commands

When you click on any visible icon in PFCG, the program uses so-called OK-code commands to instruct the program what you clicked and what ABAP statement to follow next. For example, creating a role calls a different function module than deleting a role. Some of these commands are also implemented as CALL TRANSACTION or SUBMIT .. AND RETURN statements, which have the advantage that the option to go back to the previous screen or application is retained. We can leverage that, if the call target is SU01, SU24 or something similar.

The trick is, that these OK-code commands are sent from the user to the server via the normal transaction start command window. There the commands are usually mapped to the names of the transactions you might want to navigate to and back from.

Leveraging OK-code commands

So if you are in PFCG and want to quickly return to SU01, you do not need to go back to the SESSION_MANAGER or start a new session. Instead, you can simply enter the command SU01 and hit Enter. PFCG will take you to SU01 (if authorized) and from there, you can quickly return to PFCG by using the green “Back” button. You will land directly back in PFCG where you left off instead of having to start over again.

The same applies to SU01 – by entering the OK-code command PFCG you will be brought into the Profile Generator and when clicking “Back” you will be brought back to SU01 again, exactly where you left off.

More Transactions

Other transactions compatible with this “back and forth” principal include SU24 (authorization proposals), SU25 (upgrade tools) and SUIM (user information system). All three of these can also be navigated to (and back from) directly using OK-code commands, without losing the context of the transaction you departed from.

More Transactions

Additionally, there are some other useful and lesser-known commands for features which are hidden in the menus.

More Tips & Tricks

The OK-code command SCUA will run a text comparison from PFCG or from SU01.

WHEN ‘SCUA’. “Send ‘Textcompare’ to CUA master system


The OK-code command ROLE_CMP compares the menus of the current role in PFCG to a defined local or remote role in the system landscape.


The OK-code command XPRI lists all attributes of the role (such as menu, documentation, etc) and additionally also all the authorization data in a format which can either be printed or downloaded as a file to the workstation.

SUBMIT suprn_print_complete_agr WITH agr_name = agr_name_neu

More Tips & Tricks

Once you got used to some of the above tips and tricks, you can safe a lot of time back and forth between transactions you use every day.

Alessandro Banzer

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now