Many Functional Consultants have trouble understanding what Roles and Authorizations are in SAP. This document may help those who are curious to know exactly what the idea behind them is and how it works.

Functional Consultants have many questions about this concept, and one of the main ones is why Functional Consultants should worry about Roles and Authorizations when it is the job of the BASIS team.

Well, to answer this: it is not only the job of the BASIS team. Like other activities, it is an integrated activity that should be carried out by both the BASIS team and the Functional team.

The BASIS team has the know-how for User Administration, Role Creation, Profile Creation, Role and Profile assignment, Authorization assignments, etc., but the main issue in most cases arises when the questions below cannot be answered by the BASIS team:

  1. Whom to assign the roles or transactions to
  2. What to restrict in a transaction, and for whom
  3. How to authorize custom transactions

and many more such questions cannot be answered by the BASIS team. Hence, it becomes the role of the Functional Consultant to guide them with the exact process flow and the exact organizational chart.

To explain with a small example, suppose we have a maintenance organization as below:

  1. Supervisor – responsible for notifying breakdowns or Corrective Maintenance requirements
  2. Maintenance In-charge – responsible for assigning the above tasks to Engineers
  3. Head of the department – responsible for approving the Maintenance tasks

Now, the Functional Consultant is very well aware that the Supervisor requires only the transactions related to Notifications (say IW21, IW22, IW28, IW29, etc.); the Maintenance In-charge requires some of the notification-related transactions (say IW22, IW28, IW29) and also the order-related transactions (IW31, IW32, IW38, IW39, etc.); and the Head of the department requires notification and order transactions (say IW28, IW29, IW38, IW39) and, along with these, special permissions such as releasing orders, approving permits, technical completions, etc.

From the BASIS team's perspective, these requirements are not clear, so they cannot take this decision; the requirements should be provided by Functional Consultants.

However, the main problem in most cases arises when Functional Consultants are not aware of the concept of Roles and Authorizations.

Hence, this document explains the basic concept of Roles and Authorizations:


Roles and Authorizations allow users to access SAP Standard as well as custom Transactions in a secure manner.

SAP provides a certain set of generic Standard roles for different modules and different scenarios.

We can also define user-defined roles based on the Project scenario, keeping the concept below in mind:

There are basically two types of Roles:

  1. Master Roles – with Transactions, Authorization Objects and all organizational level management.
  2. Derived Roles – with organizational level management, and with Transactions and Authorization Objects copied from the Master Role.

The reason behind this concept is to simplify the management of Roles.


A Master Role or a Derived Role has the following components inside it:

  1. Transaction Codes
  2. Profile
  3. Authorization Objects
  4. Organization level

Transaction Codes: SAP Transaction codes (Standard or custom).

Profile: Profiles are the objects that actually store the authorization data, and Roles are the containers that hold the profile authorization data.

Authorization Objects: Objects that define the relation between different fields and also help in restricting or allowing the values of a particular field. For example, authorization object I_VORG_ORD (PM: Business Operation for Orders) contains the relation between the fields AUFART = Order Type and BETRVORG = Business Transaction.

Authorization objects are actually defined in the programs that are executed for a particular transaction. We can also create custom authorization objects for a particular transaction (usually a custom transaction).

Organization level: This defines the organizational elements in SAP, for example Company Code, Plant, Planning Plant, Purchase organization, Sales organization, Work Centers, etc.

Suppose we take the example of creating a role for Maintenance In-charges in a particular industry who are responsible for different maintenance plants. Consider the scenario below:

Company = C1, Maintenance Plants = M1, M2, M3 and M4 (hence assuming 4 Shift In-charges).

As mentioned before, the Maintenance In-charge will have rights to the following transactions: IW22, IW23, IW28, IW29, IW31, IW32, IW38 and IW39, but will not have rights to release the Maintenance order.


Hence, considering the above situation, we will create a common Master Role for all four Maintenance In-charges, say ZMPM_MAIN_IN_CHARGE_ROLE (here the role name starts with ZMPM to show that it is a Z Master Role for Plant Maintenance), with the transactions mentioned above and all rights (value "*") inside the transactions. The only restriction is on the release of Maintenance orders, made with the help of authorization object I_VORG_ORD by removing the value BFRE from the field BETRVORG. The Master Role carries all organizational level (say, plant) assignments.

Now, based on this Master Role, we have to create Derived Roles for all four Maintenance In-charges individually. Say, for the first Maintenance In-charge, we create a derived role ZDPM_MAIN_IN_CHARGE_ROLE_MI1 referring to the above Master Role ZMPM_MAIN_IN_CHARGE_ROLE. This will copy all the transactions and authorization objects from the Master Role but will not copy the organizational level assignments which we have assigned in the Master Role. Hence, we need to maintain the organizational level for the derived role (say Plant P1).

Once we save (and generate) the Master as well as the Derived Role, we can assign this role to the User ID of the particular Maintenance In-charge.
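The master/derived scheme above as a simplified Python model (an added example, not SAP code and not part of the original article). The `Role` class, the `derive` and `check` helpers, the `_MI2` role, order type `PM01` and the `OTHER_OP_*` values are constructed for illustration; the role names, transactions, I_VORG_ORD, BFRE and plants M1/M2 come from the text.

```python
from dataclasses import dataclass, field

# Constructed stand-in for BETRVORG's value list: only BFRE (release) is from
# the article; the OTHER_OP_* entries are placeholders.
ALL_BETRVORG = {"BFRE", "OTHER_OP_1", "OTHER_OP_2"}

@dataclass
class Role:
    name: str
    tcodes: frozenset
    auth: dict                                       # object -> field -> allowed values
    org_levels: dict = field(default_factory=dict)   # e.g. {"plant": {"M1"}}

def derive(master, name, org_levels):
    """Copy transactions and authorization values from the master role.
    Organizational levels are not inherited; they are maintained per derived role."""
    auth = {o: {f: set(v) for f, v in flds.items()} for o, flds in master.auth.items()}
    return Role(name, master.tcodes, auth, {k: set(v) for k, v in org_levels.items()})

def _allowed(values, wanted):
    return "*" in values or wanted in values

def check(role, tcode, plant, obj=None, **fields):
    """Return (granted, reason) for a transaction in a plant, optionally with
    an authorization-object check on the given field values."""
    if tcode not in role.tcodes:
        return False, "tcode"
    if not _allowed(role.org_levels.get("plant", set()), plant):
        return False, "org level"
    if obj is not None:
        granted = role.auth.get(obj, {})
        for fld, val in fields.items():
            if not _allowed(granted.get(fld, set()), val):
                return False, f"{obj}/{fld}"
    return True, "ok"

MASTER = Role(
    "ZMPM_MAIN_IN_CHARGE_ROLE",
    frozenset({"IW22", "IW23", "IW28", "IW29", "IW31", "IW32", "IW38", "IW39"}),
    # All order types, every business transaction except release (BFRE).
    {"I_VORG_ORD": {"AUFART": {"*"}, "BETRVORG": ALL_BETRVORG - {"BFRE"}}},
    {"plant": {"*"}},
)
MI1 = derive(MASTER, "ZDPM_MAIN_IN_CHARGE_ROLE_MI1", {"plant": {"M1"}})
MI2 = derive(MASTER, "ZDPM_MAIN_IN_CHARGE_ROLE_MI2", {"plant": {"M2"}})  # constructed name

if __name__ == "__main__":
    print(check(MI1, "IW32", "M1", "I_VORG_ORD", AUFART="PM01", BETRVORG="BFRE"))
```

A derived role created with no organizational levels is denied everywhere even though the master holds "*", which is why the plant has to be maintained on each derived role.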
