Skip to content

SAP BTP Role Collection management made easy

SAP BTP Role Collection management made easy


Management of role collections in SAP BTP can be tedious and time consuming, especially when you must upkeep role collections in multiple subaccounts and make sure that they are correctly configured everywhere. Management tasks vary from creating the role collections with correct parameters to binding users and AD groups to role collections. Margin of error is significant, since these are manual tasks. Also, the role collection configurations may vary depending on the subaccount. For example, in production environment it may be desired to not bind some users or AD groups to the role collection that may be relevant in lower-level subaccounts.

Wouldn’t it be great, if you could manage and synchronize your role collections across the subaccounts easily, in a centralized place with nice UX with a click of a button?

Behold – Role Collection Transport Tool!

Are you ready to streamline your role collection management process? Look no further than the Role Collection Transport Tool! Role collection transport tool is a solution, which makes it easy to manage and transport role collections from subaccount to subaccount. Solution features clean UX design according to Fiori guidelines, easy to use UI and utilization of SAP’s authorization API.

With this solution role collection transporting is easy! First, you select one or multiple role collections from the list. Then you select target subaccounts where the role needs to be transported. Then you click transport. That’s it!

If you want to keep your subaccount’s role collections clean and easily manageable, this solution is for you. It is so simple to use, that anyone can use it; no additional training is needed.

On top of the authorization API, we have built additional layer, that has features such as logging, possibility to manage admin settings and possibility to manage exclude properties.

Solution logs all role collection transports. This is handy, since it gives traceability to the user about the transports. Users can see what role collections are transported, who transported the role collection, when the transport was happening, status of the transport and to what subaccount. Also detailed information about solutions actions is being logged, which creates transparency of solutions calls to SAP’s authorization API.

In settings page admin users can manage subaccount specific properties. These are mainly for one-time configuration only and shouldn’t be edited after application has been installed.

In exclude properties page user can create custom rules which dictate what AD groups should be excluded from specific target subaccounts from all role collections when transporting. For example, user could add a property with AD group “Tester” and exclude it from the production subaccount:

In conclusion, Role Collection Transport Tool is a solution which simplifies and streamlines your role collection management. The solution eliminates manual tasks and error margin which comes from the tedious task of managing the role collections manually.

We have several exciting items on the development pipeline which makes the tool even more beneficial to users. For example, comparison of role collections between subaccounts.

If you are interested in the tool, or have some questions about the implementation, feel free to contact us @