Podcast

SAP Security & GRC Podcast – Technical Series (E08): How to Convert an Authorisation Field into an Organisational Level Field

June 24, 2026 By Soterion

Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. 

In this session Ross Robertson breaks down one of the more nuanced but highly practical concepts in SAP role design – the difference between standard authorisation fields and organisational level fields, and how converting a field from one to the other can significantly improve how your team manages SAP authorisations at scale.

Using a practical goods movement scenario with transaction MIGO and the movement type field (BWART), Ross demonstrates the step-by-step process of converting an authorisation field to an organisational level using SAP’s built-in tools within PFCG. The episode also unpacks the key business case for doing so – particularly within parent and derived role designs where maintaining independent values across child roles is critical. 

Key takeaways:

  • Authorisation fields sit within authorisation objects and control what a user can do. Not all authorisation fields are organisational levels. 
  • Organisational level fields represent structural points in your enterprise – such as plant, company code, or shipping point – and can be maintained from a single, centralised point in the role. 
  • In a parent and derived role design, changes to standard authorisation fields in the parent role overwrite values in child roles. Organisational level values, however, are maintained independently in each derived role and are not overwritten by parent changes. 
  • Converting an authorisation field to an org level field allows you to set different values per child role – for example, assigning different movement types to different derived roles based on business unit requirements. 
  • The conversion process is performed within PFCG using SAP’s provided built-in function and applies across all instances where that field appears within the role. 
  • This approach supports standardised, scalable authorisation management and reduces the risk of unintended value overwrites during role maintenance. 

Whether you’re designing roles from scratch or refining an existing role architecture, understanding when and how to use organisational level fields is a foundational skill for any SAP authorisations professional.

Don’t miss out on insights from:

  • Ross Robertson – Senior SAP Authorisations Consultant – Soterion 

Listen

Watch

Visit our Buzzsprout channel for more episodes

Related Content

Register Now

The Effective GRC Pyramid

Download Now

What is Business Centric GRC for SAP?

Watch Now

Background - Stay Informed

Stay informed of new episodes

Subscribe now to receive notifications straight to your inbox

You may find this interesting