Role Derivation 
Role derivation allows administrators to derive one or more roles from a single master role. The master role serves as the template for the authorizations and attributes. The derived roles are differentiated from the master role and each other by organizational levels.
You can choose any role of the role type Single Role to be a master role. The application automatically creates the relationship between the master role and the derived roles.
The attributes, such as business process, and so on, are propagated to the derived roles only when the derived roles are created. After creation, they are independent roles, and any changes to the attributes in the master role are not propagated.
The authorization data, such as transactions, objects, fields, and so on, continues to be propagated but not automatically. You can choose to manually propagate authorization data changes to the master role by going to the Maintain Authorization screen and doing the following:
For the master role, choose the Propagate Authorizations pushbutton to propagate authorizations to the derived roles.
For the derived roles, choose the Copy Authorization pushbutton to copy authorizations from the master role.
Note
All authorization data is propagated, except for organizational levels.
Example
In this example, there are four identical roles that are differentiated for each company code. (The organizational level is mapped as the company code BUKRS.)
