Role Derivation

Role derivation allows administrators to derive roles from a single master role. The master role serves as the template for the authorizations and attributes. The derived roles are differentiated from the master role and each other by organizational levels.

You can choose any role of the role type Single Role to be a master role. The application automatically creates the relationship between the master role and the derived roles.

The attributes, such as business process, are propagated to the derived roles only when the derived roles are created. After creation, they are independent roles, and any changes to the attributes in the master role are not propagated.

The authorization data, such as transactions, objects, fields, and so on, continues to be propagated but not automatically. You can choose to manually propagate authorization data changes to the master role by going to the Maintain Authorization screen and doing the following:

• For the master role, choose the Propagate Authorizations pushbutton to propagate authorizations to the derived roles.

• For the derived roles, choose the Copy Authorization pushbutton to copy authorizations from the master role.