{"id":11238,"date":"2020-07-24T01:15:54","date_gmt":"2020-07-23T23:15:54","guid":{"rendered":"https:\/\/www.xiting.us\/?p=11238"},"modified":"2025-10-01T10:48:25","modified_gmt":"2025-10-01T08:48:25","slug":"transaction-supo","status":"publish","type":"post","link":"https:\/\/xiting.com\/en\/transaction-supo\/","title":{"rendered":"Transaction SUPO: Promote authorization fields to organizational levels"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>The latest SAP S\/4HANA version comes with 40+ organizational levels that you can use to authorize end-users. Organizational levels are maintained at the header of a role and populate the value(s) to all authorization objects that require the organizational field.&nbsp;<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In some cases, customers have the requirement to promote authorization fields to organizational levels. One of the main reasons to promote authorization fields is the desire to decrease the maintenance effort of your roles. Maintaining organizational values can be tough. Fortunately, all SAP ABAP systems allow promoting non-org fields to org fields.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With SAP NetWeaver 7.50 Support Package 9, SAP provides new functionality to promote authorization fields to customer-specific organizational levels. You can get more information from <a href=\"https:\/\/launchpad.support.sap.com\/#\/notes\/727536\/E\">SAP Note 727536 (FAQ | Use of customer-specific organizational levels in PFCG)<\/a>.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Note that former reports like PFCG_ORGFIELD_CREATE, PFCG_ORGFIELD_DELETE, PFCG_ORGFIELD_UPGRADE are obsolete, and you are required to use transaction SUPO.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can learn more about transaction code SUPO in <a href=\"https:\/\/launchpad.support.sap.com\/#\/notes\/2535602\/E\">SAP Note 2535602 (SUPO | Documentation, and transport connection for organizational level maintenance)<\/a>. Please note that SAP tcode SUPO_PREPARE is no longer required and has been locked.<\/p>\n\n\n\n<p style=\"color:#cd1316\" class=\"has-text-color warning wp-block-paragraph\"><strong>Xiting strongly advises to be extremely careful when using transaction SUPO as irreparable issues can occur. Use the information on this site at your own risk.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Use Transaction SUPO (Org Levels for Profile Generator)?<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When you start transaction SUPO, you can see an overview of the available organizational fields (both SAP standard and customer-specific ones). You can double-click in the column \u201cAuthorization Field\u201d to see more details about the field.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"367\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator-1024x367.png\" alt=\"\" class=\"wp-image-11265\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator-1024x367.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator-300x108.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator-768x276.png 768w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator-1536x551.png 1536w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-organizational-levels-for-profile-generator.png 1901w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Org. Levels for Profile Generator<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">There are four ways to see where the organizational level is being used:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>SAP Standard applications through SU22 data<\/li><li>All applications through SU24 data (including customer-specific applications)<\/li><li>Roles that contain the organizational level<\/li><li>Authorization objects that use the organizational level<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you double-click in the column \u201cOrg. Level in SU22\u201d it will show you all the standard applications (transaction codes, function modules, etc.) which use the organizational level based on SU22 data. This works for SAP standard applications only.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"754\" height=\"527\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2020\/07\/transaction-supo-overview-org.-level-bukrs-in-default-values.png\" alt=\"\" class=\"wp-image-11267\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-overview-org.-level-bukrs-in-default-values.png 754w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-overview-org.-level-bukrs-in-default-values-300x210.png 300w\" sizes=\"(max-width: 754px) 100vw, 754px\" \/><figcaption>Org. Level $BUKRS in Default Values (SU22)<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Double-click in the column \u201cOrg. Level in SU24\u201d to see all the applications (transaction codes, function modules, etc.) based on SU24 data that use the organizational level. This works for all applications including customer-specific ones.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Double-click in the column \u201cOrg. Level in Roles\u201d to see all the roles that use the organizational level in its authorizations.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Double-click in the column \u201cObjects\u201d to see all the authorization objects that use the organizational level as one of its fields. You can further check authorization objects in transaction SU21 (Maintain Authorization Objects).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to Create and Delete Organizational Levels?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To create and delete you have to be in change mode of the transaction. Once in change mode, you can either use OK commands or the buttons from the navigation pane. In some releases, the buttons are not shown and hence we are also mentioning the OK commands. The OK commands are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>=CREA_OLVL&nbsp; -&gt; to create an organizational level<\/li><li>=DELE_OLVL&nbsp; -&gt; to delete an organization level<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Note: once you promote a new organizational level you cannot go back easily. Be careful when using this functionality.\u00a0<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"123\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2020\/07\/transaction-supo-create-and-delete-buttons-1024x123.png\" alt=\"\" class=\"wp-image-11263\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-create-and-delete-buttons-1024x123.png 1024w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-create-and-delete-buttons-300x36.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-create-and-delete-buttons-768x92.png 768w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-create-and-delete-buttons.png 1310w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption>Create and Delete Organizational Level Icons<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Once you enter the OK command or click on the icon a new line will show. You can enter the desired authorization field and then hit save. For my example below &#8211; <strong>which I strongly advise not to replicate<\/strong> &#8211; the authorization field CLASS will get promoted as an organizational level. The system will ask you for a workbench transport which indicates that the change is client independent.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"882\" height=\"234\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2020\/07\/transaction-supo-class.png\" alt=\"\" class=\"wp-image-11261\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-class.png 882w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-class-300x80.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-class-768x204.png 768w\" sizes=\"(max-width: 882px) 100vw, 882px\" \/><figcaption>Creating custom organizational level CLASS<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">To refresh the screen, you have to restart the transaction so that the columns will get updated with information regarding the newly promoted organizational level.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once you promote the authorization field to an organizational field, you have to update your SU24 data as well as your role data. In my example, the authorization field CLASS exists in various roles through objects like S_USER_GRP. The roles still contain the value but not as an organizational value on the header. That needs to be updated. Fortunately, the role still continues to work as the authorization profile did not get impacted. However, to maintain org levels, standard, or custom ones, you have to follow the standard approach through transaction PFCG &#8211; Profile Generator.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As an example, we can see that S_USER_GRP has the value SUPER but not through the header (which is empty).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"883\" height=\"660\" src=\"https:\/\/www.xiting.us\/wp-content\/uploads\/2020\/07\/transaction-supo-change-role-authorizations.png\" alt=\"\" class=\"wp-image-11259\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-change-role-authorizations.png 883w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-change-role-authorizations-300x224.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/transaction-supo-change-role-authorizations-768x574.png 768w\" sizes=\"(max-width: 883px) 100vw, 883px\" \/><figcaption>Maintenance of organizational values in role<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">If you were to maintain the value at the header level, the old value which was previously maintained will remain as a \u201cmanual\u201d value. You have to manually update the authorization profile with the \u201cRead old merge new\u201d functionality of PFCG. Please note that this only works if you have properly maintained roles. If you don\u2019t, you run the risk of impacting your roles significantly.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SAP recommends using report AGR_RESET_ORG_LEVELS which will reset (delete) all values of the organizational fields that are not maintained at the header level. Executing the report will lead to open organizational levels that you have to post-maintain. Please also note that you can only process one role at a time and it will be a time-consuming endeavor.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Removing a Proposed Organizational Level<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Removing a previously promoted organizational level can be tricky or even impossible. If you have maintained the organizational level in one of your roles and saved the profile, you cannot delete any longer as it exists in table AGR_1252. It only works when the organizational level is not used in any of the roles. You can check table AGR_1252 where the organizational level is in use and temporarily remove the authorization objects from the roles and then delete the organizational level. After that, you have to go back to your roles and add the previously removed authorizations back.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions (FAQs)<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1595534569097\"><strong class=\"schema-faq-question\"><strong>Will the role maintenance be impacted when using transaction SUPO?<\/strong><\/strong> <p class=\"schema-faq-answer\">Role maintenance will not be impacted by the transaction SUPO. However, by promoting non-org fields to organizational fields you have to update the impacted roles that carry the newly promoted organizational field. The ABAP authorization and role management processes remain the same.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1595534586108\"><strong class=\"schema-faq-question\"><strong>What impact does the transaction SUPO have on my old roles?<\/strong><\/strong> <p class=\"schema-faq-answer\">When promoting a new organizational level, you have to post-maintain old roles. Your old roles contain the newly promoted org level as \u201cnormal\u201d authorization objects which need to be updated.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1595534604155\"><strong class=\"schema-faq-question\"><strong>What\u2019s the prerequisite to use transaction SUPO?<\/strong><\/strong> <p class=\"schema-faq-answer\">Transaction SUPO comes with the SAP basis component BC-SEC as part of SAP Package S_PROFGEN. Your SAP system must be on SAP NetWeaver 7.50 Support Package 9.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1595534616380\"><strong class=\"schema-faq-question\"><strong>Are there other standard transactions that are impacted by transaction SUPO?<\/strong><\/strong> <p class=\"schema-faq-answer\">Transaction SUPO does not have any side-effects on your ABAP role administration. You can continue to use transactions PFCG (Profile Generator), PFUD (User Master Data Reconciliation), SUPC (Mass Generation of Profiles), SUIM (User Information System), SU24 (Maintain Authorization Default Values), etc. You continue to build your roles through the profile generator (e.g. by adding SAP transaction codes to the role menu) and build the authorization profile.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1595534627490\"><strong class=\"schema-faq-question\"><strong>Is there any customization required in table SSM_CUST?<\/strong><\/strong> <p class=\"schema-faq-answer\">Transaction SUPO does not require any customization in table SSM_CUST, USR_CUST, etc. There is also not need to customize in transaction SPRO (IMG activity).\u00a0<\/p> <\/div> <\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Transaction SUPO can be a useful instrument to promote authorization fields to organizational fields to simplify the authorization management process. However, you should be aware of the risks and impact this has on your system. If you are unsure whether or not to promote an authorization field, please feel free to reach out to one of our experts to learn more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The latest SAP S\/4HANA version comes with 40+ organizational levels that you can use to authorize end-users. Organizational levels are maintained at the header of a role and populate the value(s) to all authorization objects that require the organizational field.&nbsp; In some cases, customers have the requirement to promote authorization fields to organizational levels. One [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":11248,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[1835],"tags":[],"class_list":["post-11238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.8 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Transaction SUPO: Promote authorization fields to organizational levels | Xiting<\/title>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Transaction SUPO: Promote authorization fields to organizational levels\" \/>\n<meta property=\"og:description\" content=\"The latest SAP S\/4HANA version comes with 40+ organizational levels that you can use to authorize end-users. Organizational levels are maintained at the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/en\/transaction-supo\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-23T23:15:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-01T08:48:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1383\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alessandro Banzer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alessandro Banzer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/\"},\"author\":{\"name\":\"Alessandro Banzer\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/9f4b7239bdd4d109e5a45c9432779d5e\"},\"headline\":\"Transaction SUPO: Promote authorization fields to organizational levels\",\"datePublished\":\"2020-07-23T23:15:54+00:00\",\"dateModified\":\"2025-10-01T08:48:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/\"},\"wordCount\":1315,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/shutterstock_1022824408-scaled.jpg\",\"articleSection\":[\"SAP Security\"],\"inLanguage\":\"en-US\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/\",\"name\":\"Transaction SUPO: Promote authorization fields to organizational levels | Xiting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/shutterstock_1022824408-scaled.jpg\",\"datePublished\":\"2020-07-23T23:15:54+00:00\",\"dateModified\":\"2025-10-01T08:48:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534569097\"},{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534586108\"},{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534604155\"},{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534616380\"},{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534627490\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/shutterstock_1022824408-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/shutterstock_1022824408-scaled.jpg\",\"width\":2560,\"height\":1383,\"caption\":\"Symbolbild Digitalisierung: Eine Hand ber\u00fchrt einen leuchtenden, vernetzten digitalen Globus vor einer Stadtkulisse\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Transaction SUPO: Promote authorization fields to organizational levels\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/xiting-logo.png\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/xiting-logo.png\",\"width\":960,\"height\":504,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\",\"https:\\\/\\\/www.crunchbase.com\\\/organization\\\/xiting\",\"https:\\\/\\\/www.youtube.com\\\/@Xiting\"],\"description\":\"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute besch\u00e4ftigt das Unternehmen 140 Mitarbeitende an mehreren Standorten weltweit. Die SAP Security Consultants von Xiting bringen tiefes Fachwissen aus der Projektpraxis mit und betreuen \u00fcber 700 nationale und internationale Kunden \u2013 remote und vor Ort.\",\"email\":\"info@xiting.ch\",\"telephone\":\"+41 43422 8803\",\"legalName\":\"Xiting AG\",\"foundingDate\":\"2008-06-01\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/9f4b7239bdd4d109e5a45c9432779d5e\",\"name\":\"Alessandro Banzer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g\",\"caption\":\"Alessandro Banzer\"},\"description\":\"Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk, and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control, SAP Cloud IAG, and SAP Security.\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/author\\\/admin\\\/\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534569097\",\"position\":1,\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534569097\",\"name\":\"Will the role maintenance be impacted when using transaction SUPO?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Role maintenance will not be impacted by the transaction SUPO. However, by promoting non-org fields to organizational fields you have to update the impacted roles that carry the newly promoted organizational field. The ABAP authorization and role management processes remain the same.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534586108\",\"position\":2,\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534586108\",\"name\":\"What impact does the transaction SUPO have on my old roles?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"When promoting a new organizational level, you have to post-maintain old roles. Your old roles contain the newly promoted org level as \u201cnormal\u201d authorization objects which need to be updated.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534604155\",\"position\":3,\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534604155\",\"name\":\"What\u2019s the prerequisite to use transaction SUPO?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Transaction SUPO comes with the SAP basis component BC-SEC as part of SAP Package S_PROFGEN. Your SAP system must be on SAP NetWeaver 7.50 Support Package 9.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534616380\",\"position\":4,\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534616380\",\"name\":\"Are there other standard transactions that are impacted by transaction SUPO?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Transaction SUPO does not have any side-effects on your ABAP role administration. You can continue to use transactions PFCG (Profile Generator), PFUD (User Master Data Reconciliation), SUPC (Mass Generation of Profiles), SUIM (User Information System), SU24 (Maintain Authorization Default Values), etc. You continue to build your roles through the profile generator (e.g. by adding SAP transaction codes to the role menu) and build the authorization profile.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534627490\",\"position\":5,\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/transaction-supo\\\/#faq-question-1595534627490\",\"name\":\"Is there any customization required in table SSM_CUST?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Transaction SUPO does not require any customization in table SSM_CUST, USR_CUST, etc. There is also not need to customize in transaction SPRO (IMG activity).\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Transaction SUPO: Promote authorization fields to organizational levels | Xiting","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"Transaction SUPO: Promote authorization fields to organizational levels","og_description":"The latest SAP S\/4HANA version comes with 40+ organizational levels that you can use to authorize end-users. Organizational levels are maintained at the","og_url":"https:\/\/xiting.com\/en\/transaction-supo\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_published_time":"2020-07-23T23:15:54+00:00","article_modified_time":"2025-10-01T08:48:25+00:00","og_image":[{"width":2560,"height":1383,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg","type":"image\/jpeg"}],"author":"Alessandro Banzer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alessandro Banzer","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/"},"author":{"name":"Alessandro Banzer","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/9f4b7239bdd4d109e5a45c9432779d5e"},"headline":"Transaction SUPO: Promote authorization fields to organizational levels","datePublished":"2020-07-23T23:15:54+00:00","dateModified":"2025-10-01T08:48:25+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/"},"wordCount":1315,"publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"image":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg","articleSection":["SAP Security"],"inLanguage":"en-US"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/xiting.com\/en\/transaction-supo\/","url":"https:\/\/xiting.com\/en\/transaction-supo\/","name":"Transaction SUPO: Promote authorization fields to organizational levels | Xiting","isPartOf":{"@id":"https:\/\/xiting.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg","datePublished":"2020-07-23T23:15:54+00:00","dateModified":"2025-10-01T08:48:25+00:00","breadcrumb":{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534569097"},{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534586108"},{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534604155"},{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534616380"},{"@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534627490"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/en\/transaction-supo\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2020\/07\/shutterstock_1022824408-scaled.jpg","width":2560,"height":1383,"caption":"Symbolbild Digitalisierung: Eine Hand ber\u00fchrt einen leuchtenden, vernetzten digitalen Globus vor einer Stadtkulisse"},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/en\/"},{"@type":"ListItem","position":2,"name":"Transaction SUPO: Promote authorization fields to organizational levels"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/en\/#website","url":"https:\/\/xiting.com\/en\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiting.com\/en\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/08\/xiting-logo.png","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/08\/xiting-logo.png","width":960,"height":504,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/","https:\/\/www.crunchbase.com\/organization\/xiting","https:\/\/www.youtube.com\/@Xiting"],"description":"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute besch\u00e4ftigt das Unternehmen 140 Mitarbeitende an mehreren Standorten weltweit. Die SAP Security Consultants von Xiting bringen tiefes Fachwissen aus der Projektpraxis mit und betreuen \u00fcber 700 nationale und internationale Kunden \u2013 remote und vor Ort.","email":"info@xiting.ch","telephone":"+41 43422 8803","legalName":"Xiting AG","foundingDate":"2008-06-01","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/9f4b7239bdd4d109e5a45c9432779d5e","name":"Alessandro Banzer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bd69cf75d8008518f801684fb686af7daad3e988b323551989d44fb47d82a240?s=96&d=mm&r=g","caption":"Alessandro Banzer"},"description":"Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk, and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control, SAP Cloud IAG, and SAP Security.","url":"https:\/\/xiting.com\/en\/author\/admin\/"},{"@type":"Question","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534569097","position":1,"url":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534569097","name":"Will the role maintenance be impacted when using transaction SUPO?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Role maintenance will not be impacted by the transaction SUPO. However, by promoting non-org fields to organizational fields you have to update the impacted roles that carry the newly promoted organizational field. The ABAP authorization and role management processes remain the same.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534586108","position":2,"url":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534586108","name":"What impact does the transaction SUPO have on my old roles?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"When promoting a new organizational level, you have to post-maintain old roles. Your old roles contain the newly promoted org level as \u201cnormal\u201d authorization objects which need to be updated.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534604155","position":3,"url":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534604155","name":"What\u2019s the prerequisite to use transaction SUPO?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Transaction SUPO comes with the SAP basis component BC-SEC as part of SAP Package S_PROFGEN. Your SAP system must be on SAP NetWeaver 7.50 Support Package 9.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534616380","position":4,"url":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534616380","name":"Are there other standard transactions that are impacted by transaction SUPO?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Transaction SUPO does not have any side-effects on your ABAP role administration. You can continue to use transactions PFCG (Profile Generator), PFUD (User Master Data Reconciliation), SUPC (Mass Generation of Profiles), SUIM (User Information System), SU24 (Maintain Authorization Default Values), etc. You continue to build your roles through the profile generator (e.g. by adding SAP transaction codes to the role menu) and build the authorization profile.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534627490","position":5,"url":"https:\/\/xiting.com\/en\/transaction-supo\/#faq-question-1595534627490","name":"Is there any customization required in table SSM_CUST?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Transaction SUPO does not require any customization in table SSM_CUST, USR_CUST, etc. There is also not need to customize in transaction SPRO (IMG activity).\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/11238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/comments?post=11238"}],"version-history":[{"count":0,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/posts\/11238\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media\/11248"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media?parent=11238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/categories?post=11238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/tags?post=11238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}