What is the difference between profile and role in sap

The role is the combination of t-codes, reports, urls. A role can be one, or a combination of many, tasks and activities. Role is Dependent on Profile. Profile is not dependent on role In the combination of Authorization Filed Ever Role contain collection of Transaction.

Is generated with the Associated Profile. Role means set of profiles profile means set of authorization objects authorization objects means set of field values in role creation we will use only one t-code is pfcg in profile creation we will use more then one t-codes are sumaintain authorization objects suim:user information system,select by object name and text sumaintain authorization classes and profiles sucreate profiles sucreate user and assign profile.

Newsletters may contain advertising. You can unsubscribe at any time. Hi, Could someone explain to me what is the difference between a role and a profile from the Security perspective? Or in other words: A role is just a placeholder — You assign transactions to a role, and by sheer magic, a profile is created for you.

When you assign the role, the profile is automagically assigned as well. Profiles are a holdover from the Pre The nature of Role to Profile is always , but as stated previously, the profile to role relationship is or Having defined that, now my question is where are Authorization Groups in the landscape of Roles and Profiles?

If you are referring to Table and or Program Authorization groups, they are used to control access to Tables and Programs as the names indicate. As one example — if a Company creates a custom program, auth groups can be used to define WHO should have access to that custom program.

What important authorization objects are required to create and maintain user master records? Which table is used to store illegal passwords? Standard — It means that all values in authorization field of an authorization instance is unchanged from the SAP default value i.

SAP default value and that blank field has been updated with some value. The different approaches of assigning access is referred to as the role methodology. The various role methodologies are:. The Composite role can then be assigned to the users who then inherit the access transaction codes contained in the single roles.

Business roles have the added benefit of being a data container for SAP single roles from multiple SAP systems, simplifying provisioning significantly. When creating an SAP user, the following fields are available for maintenance:. SAP Provisioning can be handled in different ways. A user can inherit access directly or indirectly:.

The transaction code is being replaced by Fiori Applications which are executed through a web browser. These changes add an additional level of complexity and security. Although a friendlier user interface, it is a more difficult solution to maintain. Certain users are provided database access to execute reports. It is important that access at database level is restricted to ensure no unauthorised inserts or edits are done at the database level.

The methodology you have applied has a big impact on what you can achieve. Certain methodologies allow for easierremediation and ensuring users are only assigned the access they require for their job function.

Decide what you need to achieve and see if the methodology allows for it. It is important to consider the benefits that the tools provide and what you want to get from a tool.