What are Derived Roles in SAP
The derived role receives the menu structure and various functions like transactions, reports, web links, etc. from role referenced. So we can call it as a parent role. The role only receives menus and functions if no t-codes have been assigned to it.
Derived roles are used to maintain security at organizational levels and it helps to minimize administrative maintenance.
Let’s Learn how to create a derived role in SAP security
Enter transaction code “PFCG” in the SAP command field and enter.
In the next screen, enter the role name and click on the role tab as shown below.
Now we derived a role from the existing role, click on the derived from role tab to derive the existing role.
On importing role window, click the start search button and you can provide a maximum number of hits.
Now select the particular role that we want to derive, here we selected the master role. After selecting the role a window opens seeking that you want to enter a specific role as the importing role, click on yes.
Update the descriptive name of the derived role and click on save button (Crl+S).
Here you can see the menu has been inherited, Click on the menu and check what are the menus that have been inherited.
Now we have to change the authorization data, click on the authorization tab and click on change authorization data.
Here we can see the company code and account type organization level, assign the values and click on save button.
Select generate button and then click on generate option.
Press enter to continue as shown below to assign a profile name for generated authorization profile.
Click on the user tab and update the user id in the user field, then click on user comparison.
Click on the complete comparison as shown below the image. Now you can see user comparison in green color.
Finally, click on the save button and save the configured derived roles details.