Show TOC

Creating Logical Roles for a Security ConfigurationLocate this document in the navigation structure

Use logical roles to control access and/or group a large number of users who use the same security configuration.


Create the required logical roles and map them to one or more physical role, then assign both a security configuration and a logical role to an application (through the application connection template). Users must have one of the physical roles that the logical role is mapped to in order to access the application.


  1. In the left navigation pane of SAP Control Center, select Security > <Security configuration name>.
  2. In the right administration pane, click the Role Mappings tab.
  3. Click New.
  4. Enter a name for the logical role you wish to create.
  5. Select one of the following options:
    State Description
    AUTO To map the logical role to a physical role of the same name.
    NONE To disable the logical role, which means that the logical role is not authorized.
    MAP To manually map the logical role when the physical and logical role names do not match. See Mapping a Physical Role Manually.
  6. Click OK.