In the World of SAP Authorizations - a Set of Concepts

Reading time: 3 min.
Tomasz Jurgielewicz

The Basic Set of Concepts from the World of SAP Authorizations

We can agree that one of the least comfortable situations at a meeting or teleconference is when our interlocutors use jargon or industry vocabulary that we do not know or with which, for various reasons, we have not yet had time to listen.

This also happens in the world of SAP authorisations.

Therefore, I have collected for you the basic and most common issues and elements of the authorization area.

Or maybe such a list will be useful for beginners and adepts of the sap authorization world?

SAP Dictionary of Terms

The issues are listed together with their equivalents in the English language version of SAP.

Permission/Authorisation(an English therm)- to put it simply, what a user can do based on the roles and profiles assigned to their user in SAP.
I have permissions = I can run on the system.

Transaction (an English therm)SAP function that you perform on the system, such as SU01, MM03, XK02

Role (an English therm)the so-called authorization "bag", which contains permission elements defined by the permission administrator who created the role. Creating a role by itself, giving a name and description does not do anything, the role must have filled objects and must be regenerated and assigned to the user in order for the permissions to work.

Single role (an English therm)A role that contains transactions/permission objects has only one profile when it is regenerated.

Composite role (an Englsih therm)A role that consists of two or more single roles, otherwise known as a collection of single roles. Composite roles are often used, for example, when creating job or process roles.

Reference role (an English therm)Otherwise known as a role model (for derived roles), containing transactions, authorization objects, and organizational levels. Colloquially known as the "mother" role. 😉

Derived role (an English therm)a role created from a reference role contains the same transactions/reports/authorization objects as its reference role, but has different values at the organizational levels. They are used, for example, for rollouts to subsequent companies of the enterprise. Colloquially known as the "daughter" role. 😉

312 – the magic number ... means the maximum number of profiles assigned to a single user in SAP. More will simply not fit, or rather the system will not allow you to assign and save changes.
If you encounter such a problem, first think about when you lost control of permissions management, are you sure your user needs so many roles?
Is he/she using them? (You can check role usage per user by using the SAST Authorization Management Tool.)

In the next post, which will appear in two weeks, I will present further concepts from world of authorization.

If you feel that your organization could use a refresh of knowledge or training "from scratch" in the area of SAP permissions – feel free to contact us.

Workshops can be carried out at the customer's premises, at our premises or 100% remotely.

Author: Bernadeta Szwarc /Sast Polska Team/




If you find this article valuable, please share it.
This will allow us to reach new people. Thank you in advance!

We will take care of the digital transformation of your business

Do you want to protect your business against cyber attacks? Or maybe you are planning a digital transformation or looking for IT specialists for a project? We are happy to help. We are here for you. Let's talk about professional IT services for your company.
Contact Us
Darmowy e-book

Wszystko, co musisz wiedzieć
o migracji z SAP ERP na SAP S/4HANA

Nasz zespół ekspertów przygotował dla Ciebie
e-poradnik, dzięki któremu zrobisz to łatwo, bezboleśnie i bez szkody dla bezpieczeństwa
Twojej firmy.

To praktyczna wiedza podana w przystępnym
języku - zupełnie za darmo.
Pobierz darmowego e-booka
+ 48 508 400 203
Address Information
ul. Tęczowa 3 , 60-275 Poznań
NIP: 5213683072
REGON: 360098885
Visit our Social Media:
Address Information
ul. Tęczowa 3 , 60-275 Poznań
NIP: 5213683072
REGON: 360098885
Visit our Social Media:
Lukardi 2022. All Rights Reserved. 
Made with