Scribd Logo
Upload

Welcome to Scribd!

  • 71 views

    Parent & Derived Role

    Uploaded by

    DHL123
    Parent roles in SAP simplify role administration by allowing child roles to inherit authorization attributes from the parent role, except for organizational level fields like plant and company code. This reduces maintenance and testing efforts for derived roles. A parent role for sales order creation was created, and then a child role for US companies was defined by maintaining the parent role name and organizational level values. Non organizational level authorization values were then pushed from the parent to the child role to generate profiles for both roles. The effectiveness of the parent-derived role concept depends on how similar business processes are across an enterprise's divisions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Parent & Derived Role

    Uploaded by

    DHL123
    71 views4 pages
    Parent roles in SAP simplify role administration by allowing child roles to inherit authorization attributes from the parent role, except for organizational level fields like plant and company code. This reduces maintenance and testing efforts for derived roles. A parent role for sales order creation was created, and then a child role for US companies was defined by maintaining the parent role name and organizational level values. Non organizational level authorization values were then pushed from the parent to the child role to generate profiles for both roles. The effectiveness of the parent-derived role concept depends on how similar business processes are across an enterprise's divisions.

    Original Description:

    How to set-up parent and derived role

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Parent roles in SAP simplify role administration by allowing child roles to inherit authorization attributes from the parent role, except for organizational level fields like plant and company code. This reduces maintenance and testing efforts for derived roles. A parent role for sales order creation was created, and then a child role for US companies was defined by maintaining the parent role name and organizational level values. Non organizational level authorization values were then pushed from the parent to the child role to generate profiles for both roles. The effectiveness of the parent-derived role concept depends on how similar business processes are across an enterprise's divisions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    71 views4 pages

    Parent & Derived Role

    Uploaded by

    DHL123
    Parent roles in SAP simplify role administration by allowing child roles to inherit authorization attributes from the parent role, except for organizational level fields like plant and company code. This reduces maintenance and testing efforts for derived roles. A parent role for sales order creation was created, and then a child role for US companies was defined by maintaining the parent role name and organizational level values. Non organizational level authorization values were then pushed from the parent to the child role to generate profiles for both roles. The effectiveness of the parent-derived role concept depends on how similar business processes are across an enterprise's divisions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 4

    Parent & Derived Roles

    The concept of parent and derived roles was introduced by SAP to simplify role
    administration tasks. Its specially helpful while mapping security for large enterprises
    spread across multiple geographies or divisions. A child role derived from a parent role will
    have all attributes (transactions/ authorization object values) same as it parent except the
    values of the Organizational Level fields (plant, company code, sales organization). Thus
    maintenance is simplified as only the org levels need be maintained at the derived role
    level. This also ensures that there is no opportunity to make mistakes during authorization
    maintenance for the multitude of derived roles and also reduces testing effort for roles.
    Creating the parent role follows the same process as creating any other single role. In the
    example below we create a global role Z_CREATE_SO_GLOBAL which allows the creation
    of Sales Orders (transaction VA01) for all company code, sales orgs.

    PFCG - Define Parent Roles


    With the parent already defined we create a child role Z_CREATE_SO_US which allows SO
    creation for the US companies. We maintain the parent role name as shown below.

    PFCG - Derived Roles - Definition


    The menu for a derived role can not be individually maintained as all entries are inherited
    from the parent.

    PFCG - Derived Roles - Menu can not be changed


    Now we maintain the org levels values relevant for the child role. In the example below, we
    have used a dummy value of @ but in a production system the correct value for org levels
    should be used. The other other need not be maintained at this stage. Now we save the
    authorization entry for the derived role.

    PFCG - Derived Roles - Maintain Org Levels


    To populate the rest of the authorization values for the child role, we go into the
    authorization maintenance screen for the parent and click the button push from gl. This
    option pushes the non org level values from the parent to the child role and generates the
    profiles for both.
    The most critical success factor for a parent-derived role concept is how well, the different
    business processes mapped by SAP roles are mirrored across the different divisions in an
    enterprise. In other words, a parent-derived role concept will not be very beneficial in case
    an enterprise follows different business process in its different subsidiaries.

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy