The authorizations for users are created using roles and profiles. The administrator creates the roles, and the system supports him or her in creating the associated authorizations.
An authorization is a permission to perform a certain action in the SAP System. The action is defined on the basis of the values for the individual fields of an authorization object. When a user logs on to a client of an SAP system, his or her authorizations are loaded in the user context. The user context is in the user buffer( in the main memory) of the application Server.
This document details step by step procedure for creating roles through PFCG transaction. It would be useful giving a try to reading PFCG Concept in SAP. You will also be provided advanced concepts