How to map multiple SAP roles and profiles
Discover tips for mapping SAP roles and profiles, including how to map multiple SAP profiles to a single derived role, and why a second profile is generated when a large role has too many authorizations for one profile.
We have found that a few of our SAP roles are mapped with multiple profile names. Is it possible to have multiple...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
profiles to a single role? Note: These roles are derived roles, not composite roles and not the composite profiles.
Here are some examples which may provide a clearer view of what I mean.
Roles and Profiles | User ID |
C_PUS_Mang (Profiles ##: T-D3060077, T-D30600771) |
XXXX |
C_PUS_DESp_SUPERV (Profiles ##: T-D3060644, T-D3060076) |
XXXX |
Before SAP had roles, they had SAP profiles. Because of the data design, a profile could only have a limited number of authorizations. Roles are still only a technical layer on top of profiles, and profiles still have the original limitations.
Consequently, when a large role has too many authorizations for one profile, a second profile is generated and assigned. This is merely a technical feature. Your auditors should focus their evaluation on the roles assigned. There are other technical considerations, but this answer should be sufficient for almost all situations.