Problem solve Get help with specific problems with your technologies, process and projects.

How to map multiple SAP roles and profiles

Discover tips for mapping SAP roles and profiles, including how to map multiple SAP profiles to a single derived role, and why a second profile is generated when a large role has too many authorizations for one profile.

We have found that a few of our SAP roles are mapped with multiple profile names. Is it possible to have multiple...

profiles to a single role? Note: These roles are derived roles, not composite roles and not the composite profiles.

Here are some examples which may provide a clearer view of what I mean.

Roles and Profiles User ID
(Profiles ##: T-D3060077, T-D30600771)
(Profiles ##: T-D3060644, T-D3060076)

Before SAP had roles, they had SAP profiles. Because of the data design, a profile could only have a limited number of authorizations. Roles are still only a technical layer on top of profiles, and profiles still have the original limitations.

Consequently, when a large role has too many authorizations for one profile, a second profile is generated and assigned. This is merely a technical feature. Your auditors should focus their evaluation on the roles assigned. There are other technical considerations, but this answer should be sufficient for almost all situations.

This was last published in April 2009

Dig Deeper on SAP security administration

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.