Show TOC

Background documentationRole Derivation Locate this document in the navigation structure


Role derivation allows administrators to derive one or more roles from a single master role. The master role serves as the template for the authorizations and attributes. The derived roles are differentiated from the master role and each other by organizational levels.

You can choose any role of the role type Single Role to be a master role. The application automatically creates the relationship between the master role and the derived roles.

The attributes, such as business process, and so on, are propagated to the derived roles only when the derived roles are created. After creation, they are independent roles, and any changes to the attributes in the master role are not propagated.

The authorization data, such as transactions, objects, fields, and so on, continues to be propagated but not automatically. You can choose to manually propagate authorization data changes to the master role by going to the Maintain Authorization screen and doing the following:

  • For the master role, choose the Propagate Authorizations pushbutton to propagate authorizations to the derived roles.

  • For the derived roles, choose the Copy Authorization pushbutton to copy authorizations from the master role.

Note Note

All authorization data is propagated, except for organizational levels.

End of the note.

Example Example

In this example, there are four identical roles that are differentiated for each company code. (The organizational level is mapped as the company code BUKRS.)

This graphic is explained in the accompanying text.

End of the example.