The following SAP Security training tutorials guides you about derived roles and how to create derived roles in SAP step by step. In our previous security training tutorials we have learnt how to create user roles step by step.
What is Derived role
The derived role receives the menu structure and various functions like transactions, reports, web links, etc from role referenced. So we can call it as a parent role. The role only receives menus and functions if no t-codes have been assigned to it. Derived roles are used to maintain security at organization levels and it helps to minimize the administrative maintenance.
Lets Learn how to create derived role in SAP security
Enter transaction code “PFCG” in the SAP command field and enter.
In next screen, enter role name and click on role tab as shown below.
Now we derived role from the existing role, click on derived from role tab to derive the existing role.
On importing role window, click start search button and you can provide maximum number of hits.
Now select the particular role that we want to derive , here we selected master role. After selecting the role a window opens seeking that you want to enter specific role as the importing role, click on yes.
Update the descriptive name of the derived role and click on save button (Crl+S).
Here you can see menu has been inherited, Click on menu and check what are the menus that has been inherited.
Now we have to change the authorization data, click on authorization tab and click on change authorization data.
Here we can see company code and account type organization level, assign the values and click on save button.
Select generate button and then click on generate option.
Press enter to continue as shown below to assign profile name for generated authorization profile.
Click on user tab and update user id in the user field, then click on user comparison.
Click on complete comparison as shown below image. Now you can see user comparison in green color.
Finally click on save button and save the configured derived roles details.