Like others said AGR* tables will help

if you need to also have parent child relationship use AGR_define, apart from using AGR_1251

you also have AGR_1252 which will give you role to Organization level details

Authorization Matrix - Not any table / programme will work for you in this case, you better maintain below checklist :

1) Gather company data : Organization Structure HR will help you in this. (you need to get all details on Organization values such as Company Code, Plant, Purchasing / Sales Organization etc.,

2) Prepare a sheet for every module (PP,MM,SD,FI,CO,HR etc.,)

3) Study the Organization structure & Identify the Job responsibility of the person in current organization & what function he / she will do in SAP.

4) A sheet contains T-codes & description (you can get list of tcodes from respective functional consultant), Role Name, Activity - create/change/display et.,

5) Don't add all t-codes Ex- PP : Add only those tcodes access by you users : End or Core users. Sometime it doesn;t make sense to give create / change / delete t-codes to a user who's only responsible for doing data entry job or a user who is responsible only for creating materials not approving / sending.

6) Make a sheet that maps you users to role

7) Always review / approve your Matirx from respective Functional Head, as a BASIS we can't take decision on Functional side.

😎 Always test you roles in DEV / QAS (training client) assigned to a test user by your functional cunsultant.

9) Always remember of cross functionality authorizations (like some time they may

10) Always make sure that none of the user gets any BASIS activity authorization.

I gather above points from my experience where I was involved in designing Matrix, It can be defferent depends upon the organization.

Regards;

This message was moderated.