8/16/2019 Basic Understanding of Roles and Authorization

1/3

8/16/2019 Basic Understanding of Roles and Authorization

2/3

Roles and Authorizations allow the users to access SAP Standard as wellas custom Transactions in a secure way.SAP pro"ides certain set of generic Standard roles for di;erent modulesand di;erent scenarios.'e can also de*ne user de*ned roles !ased on the Pro$ect scenario

keeping !elow concept in mind+ 

 There are !asically two types of Roles+,. Master Roles 2 'ith Transactions( Authorization

organizational le"el management.-. =eri"ed Roles 2'ith organizational le"el management and

 Transactions and Authorization

 The reason !ehind this concept is to simplify the management of Roles. 

WHAT ARE THE COMPONENTS OF A ROLE: 

A Master Role or a =eri"ed Role is ha"ing !elow components inside it+

,.  Transaction Codes

-. Pro*le

. Authorization

>. also helps in restricting? allowing the "alues of that particular *eld 5For e+ Authorization

o!$ect I&'OR(&ORD: PM+ %usiness 5/ence assuming > Shift &n3

charges8.

 

As mentioned !efore( Maintenance &n3charge will ha"e rights to following transactions 2

&'--( &'-( &'-6( &'-7( &',( &'-( &'6 and &'7 !ut he will not ha"e rights to

release the Maintenance order.

 

8/16/2019 Basic Understanding of Roles and Authorization

3/3

E+PLAININ( WITH AN E+AMPLE: 

/ence( considering the a!o"e situation( we will create a common Master role for all >

Maintenance &n3charges say ZMPM&MAIN&IN&CHAR(E&ROLE 5/ere the role name

starts with ZMPM to make us understand that it is a Z Master Role

for Plant Maintenance 8 with transaction mentioned a!o"e with all rights 5with "alue DE8inside the transactions !ut only restricting release of Maintenance order with the help of

authorization o!$ectI&'OR(&ORD and remo"ing "alue+ ,FRE and *eld+ ,ETR'OR( !ut

with all any organizational le"el 5say-ant8 assignment.

 

4ow !ased on this Master Role we ha"e to create deri"ed Roles for all > Maintenance &n3

charges indi"idually say for *rst Maintenance &n3Charge we create a deri"ed

role ZDPM&MAIN&IN&CHAR(E&ROLE&MI.referring the a!o"e Master

Role ZMPM&MAIN&IN&CHAR(E&ROLE. This will copy all the transactions and

authorization o!$ects from Master Role !ut will not copy the organizational le"el

assignments which we ha"e assigned in Master Role. /ence( we need to maintain the

organizational le"el for the deri"ed role 5say PlantP.8. 

/ere once we sa"e 5 Benerate8 the Master as well as =eri"ed Role we can assign this

role to the )ser &= for the particular Maintenance &n3charge.