Skip to Content
Product Information
Author's profile photo Juergen Jakowski

What permissions do you need for SAP for Me?

When I look back at my blogs of the last 2 years, one blog aroused particular interest. It was about the authorizations a user needs in SAP for Me.

In the meantime, so much has happened in SAP for Me that I decided to write another blog about this topic. Of course, it will again be about what authorizations are available and how they can be used. But I also want to use this blog to give some insights into what thoughts have led us to where we are today with SAP for Me and where we want to go from here.

Side note 1: If you don’t have an S-User yet, don’t miss my blog “How do I get access to SAP for Me?

Side note 2: If you are an SAP partner, don’t miss the blog “What permissions do you need for SAP for Me for Partners?” from my colleague Aine O’Flynn.

All current SAP for Me authorizations at a glance


For those who want to get right to the point, however, I’ll start right away with the overview of authorizations. The following table shows an overview about

  • the capability areas in SAP for Me
  • the available authorizations
  • which additional information is made available
  • and where you can find this information in SAP for Me.

All permissions can be assigned directly in the SAP ONE Support Launchpad.


Capability Area Authorization
Portfolio & Products No permissions required
Knowledge & Learning No permissions required
Systems & Provisioning

Edit Cloud Data 

Trigger system provisioning
(Key Location: Systems & Provisioning Dashboard)

Finance & Legal

Display Order Information in SAP for Me

View all orders assigned to customer account
(Key Location: Finance & Legal Dashboard)

View list of license materials related to order
(Key Location: Finance & Legal Dashboard)

View CPEA Balance Statements
(Key Location: Finance & Legal Dashboard – Billing)

Manage Invoices and Payments

Trigger purchase of additional licenses
(Key Location: Finance & Legal Dashboard)

Access License Utilization for Cloud

View consumption of cloud
(Key Location: Finance & Legal Dashboard – Cloud)

Support & Maintenance

Display All Incidents and/or Display Incidents

View all incidents or just the incidents of the S-User
(Key Location: Support & Maintenance Dashboard)

Report an Incident and/or Send Incidents to SAP

Report and incident and send incident to SAP
(Key Location: Support & Maintenance Dashboard)

Users & Contacts

Edit Contact-Role Assignment in SAP for Me

Change the assignment of a person on customer side to a customer contact role related to a product.
(Key Location: All Product Detail Pages that can be reached from the Portfolio & Product Dashboard)


As the table shows, the necessary authorizations have been kept very low so far. And obviously there is no need for permissions in some areas. I would like to address this below with some background information.


Why is SAP for Me somewhat different from other SAP tools?


In SAP for Me, we identify a user in the same way as SAP ONE Support Launchpad, for example. Only a person with an S-User is assigned by us to a customer account and therefore can see customer content in SAP for Me. And in the same way, we use the User Management – which is still located in SAP ONE Support Launchpad – which also provides us with a full authorization model. In that respect, SAP for Me is not different yet.

However, the possession of an S-User – which is always managed centrally by the customer (company) – is already an initial authorization for us. The question now is, which data can already be shown with it and which are worth to be packed behind an additional authorization.

Here, SAP for Me differs in that the mere fact that a person has an S-User means that we already classify the first content as unobjectionable and display it. For example, the overview of SAP products available under the given customer account.

Why do we do it this way? It’s mainly because of the tons of customer feedback, telling us over and over again that the authorization of S-User has become too complex. The call for simplicity was unmistakable. And I think that at a certain point it was also clear that customers nowadays also position themselves differently internally and that internal transparency has become much more important in order to be able to identify opportunities for further improving the company. After all, what is the point if a license manager “believes” to see everything, but still some information remains hidden. This is not a good foundation for license optimization, for example. Of course, these license optimizations will not always be in our favor, but that is exactly what we want to stand for: The success of the customer comes first.


Which authorizations for what?


The table above has already compiled which authorizations are currently relevant in SAP for Me. I would like to go into more detail about the individual capability areas.

As already described in What is SAP for Me?, SAP for Me currently offers six different (business) capability areas. In addition, there is one area that combines all important cross capabilities.

Portfolio & Products


As already mentioned, a person with S-User can already directly see the products available through the customer account. This includes products from SAP as well as products licensed from SAP partners. Since we always want to put the data in SAP for Me in relation to each other, the user will naturally stumble across content when exploring through the products where he/she does not have permissions. In this case, this content will of course not be displayed.

For example, the product list in the Portfolio & Product Dashboard shows licenses, orders, and systems attached to the product in addition to the products. The latter would be visible to the user. For the licenses and orders you need a special permission (see below).

Currently there is no explicit authorization for simple product content in SAP for Me. So the following options are directly available to the user:

  • View all purchased SAP on premise products (based on the user’s customer account).
  • Display of all purchased SAP Cloud products (based on the user’s customer account)
  • Exploration of the respective product with views on systems, available learning materials, product roadmap and further product materials.


Knowledge & Learning


There are currently no special permissions in the Knowledge & Learning area. However, it must be noted here that the content for “My Learnings” in particular is personal content that is already authorized via the user account as such. No further authorization is necessary here.


Systems & Provisioning


As with the products, an S-User can already see some information about the systems behind the products. Here, availabilities are certainly an interesting information, whereby it is not only about the current availability but also about the planned maintenance.

In addition to the system, there is also a strong self-service, which we now want to expand further and further. This is about the provisioning of cloud systems. Of course, we cannot simply make this self-service available to all S-Users, which is why it lies behind an authorization. A user can indeed see that new systems could be provisioned. Without the right authorization, however, he cannot trigger this provisioning.


Finance & Legal


As expected, this is the area with the most authorizations, as it is a more sensitive data environment. An S-user without special permissions sees practically nothing here.

To see software orders and their included licenses you need a special permission.

Another permission is needed to see the cloud license usage. And another one will be necessary soon, if we want to offer the view of on premise license usage in SAP for Me.

In addition, there is still information about billing. While balance sheets are displayed as part of the order and license Authorization, a user needs a separate permission to view invoices.

Finally, there is another permission that allows an S-User to purchase licenses, which can be used in the near future, for example, to repurchase an overused license.


Support & Maintenance


In the area of Support & Maintenance, we do not yet use our own authorizations, but instead use the authorizations already available, as they are also used in the SAP ONE Support Launchpad. If the S-User already has the authorization to view or create incidents, he has the same possibilities in SAP for Me.


Users & Contacts


Finally, there is the User and User Management area as well as Contacts. The topic of user management will only become relevant at a later point in time and is mentioned by name here but is not yet included in our plans.

Contacts, on the other hand, have already been extensively implemented in SAP for Me. It is not only possible to see the company’s own contacts for a product, but also to easily find SAP contacts that are available for the customer or a specific product at the customer’s site. Both do not require any further authorization, as long as it is only about the display. On the other hand, you need an authorization if you want to change the company’s own contacts. There are two authorizations for this, because we have differentiated again between product-relevant and order-relevant contacts. The latter have a direct connection to the financial data and therefore require special authorization. The function to change order-relevant contacts is not yet available, which is why I have omitted the necessary authorization in the table above.


I hope this blog helps to better understand the topic of authorizations in SAP for Me. Of course, SAP for Me is still growing, so I will adapt this blog again in due course. Basically, we are also currently working on a more comprehensive, central documentation for SAP for Me, which will then make these blogs obsolete in the future.

I am – as always – very interested in feedback. So please feel free to let me know directly in the comments.


Best regards


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Peter Karlsson
      Peter Karlsson

      Hi, thanks for the informative overview. Which authorization do I need to work with Deal Registrations?




      Author's profile photo Aine O'Flynn
      Aine O'Flynn

      Hi Peter,

      Partner authorizations are assigned by the Partner Security Manager at your organisation. If you do not have authorization to view a card, you will see a note in the card to contact the Security Manager, and there is a link to contact them directly in the tool. You can also find your Security Manager by contacting

      For Deal execution, you will need one of the following functions assigned: Sales Contact, Sales Manager, Sales Operation, Partner Manager or Security Manager.

      You can access the deal execution section of SAP for Me here:


      You can also directly access the Deal Registration app here:

      If you have any further questions, please let me know.


      Kind regards,


      Author's profile photo Oguzhan Genis
      Oguzhan Genis

      Please see also the general introduction to s-user management and authorizations including an updated view on SAP for Me.

      About the user, authorization and administrator concept

      Author's profile photo Mike Buono
      Mike Buono


      Are security changes made to user accounts via User Management (in the Launchpad) reflected immediately for the user?  Is there a wait/sync period?  Should the user logout and log back in?

      Author's profile photo Shyamu Raja Murthy
      Shyamu Raja Murthy

      Is there any way for customers to drill-down to specific users that are consuming Cloud Solution licenses? For example, my customers would like to know who are the users behind the number of licenses consumed in Performance Management and Recruiting.

      The instance license usage reports require additional configuration that the customer is not willing to perform in Production envrionment just for this purpose.




      Author's profile photo Jacob ZITTOUN
      Jacob ZITTOUN

      I installed the mobile application on my professional iPhone, entered my SAP email and password in the "sapit-forme-prod" screen to open a session. It prompts me to enter a PIN code (RADIUS Server token) to continue.

      Which SAP application should be used to get this PIN code?

      I'm stuck as I tested with multiple MFA applications (MS Authenticator, SAP Authenticator, SecurID Authenticator) and none of them work 🙁

      P.S.: I've installed the mobile application once SAP for Me was available to SAP employees and it has worked like a charm without this extra PIN code setup...

      Author's profile photo Janet Liu
      Janet Liu

      Hi Jacod,

      The RADIUS server token is your RSA token.  You may refer to IT Support    

      for support. This is a two-factor authentication service enabled by SAP ID Service. If you do not want to apply for such a token, then you may disabled in your account setting in ID Service.




      Author's profile photo Jacob ZITTOUN
      Jacob ZITTOUN

      Janet Liu

      I followed this KB but it does not work: the RADIUS token is not recognized

      Author's profile photo Jacob ZITTOUN
      Jacob ZITTOUN

      I have re-installed the RSA SecurID and reset up the stuff: all is working now !!!!

      Author's profile photo Robert Fischer
      Robert Fischer

      Hello Jürgen,


      which authorization does a user need to have calender function available?


      thanks and br,



      Author's profile photo Oguzhan Genis
      Oguzhan Genis

      Hi Robert,

      The calendar is available for all users. Most of the current event types we display don't require additional authorizations. If an event type on the legend list is grayed out you'll see on the card header upper right side a button that authorization is missing. You can directly request from your super admin via this button.

      Regards, Ozzy

      Author's profile photo DT Hamai
      DT Hamai

      Thank you for the section on "Knowledge & Learning."  There are other articles out there about advance users but no one mentioned basic users who just need access to knowledge articles and community.

      Author's profile photo Barbara Garrett
      Barbara Garrett

      I am trying to give an s-id access to sap for me but the click on that within the user edit screen gives additional access that the person should not have.    If you try and remove any of those auths then the SAP for ME website box becomes unchecked.  this is causing all kinds of issues.  Those underneath auths should not be combine with the website access. I just opened a issue with SAP for ME.  I want the authorizations more restricted.

      What are your thoughts? 399570 / 2023



      Author's profile photo Manoj Caisucar
      Manoj Caisucar

      Hi Oguzhan Genis

      Getting the error

      You currently have read-only access to the solution hub. For more information about your restricted access, see SAP For Me.

      What authorization do i required .

      I have the "Partnership Management" assigned to me.




      Author's profile photo Thomas Vaughan
      Thomas Vaughan

      Hi there,

      The type of access to Solution Hub is based on the type of partnership you have with SAP. For example if the partnership you have is PE Sell, PE Service, PE Run or an OpenEcosystem member, then you will only have Read access.


      However it is also based on a set of compliance criteria. So if for example you have a PE Build or OEM partnership with SAP and are getting Read only access then this could be down to a compliance related issue such as due Diligence not being completed.

      You can read more about Full and Light access on page 4 of the Solution Hub Guide

      Best regards,