Authorizations in SAP Cloud Platform

Restrict access to resources and services based on defined user permissions

Lines Of Business


Users are principals managed by identity providers (SAP Identity Authentication or others). The SAP Cloud Platform does not have a user database on its own. SAP Cloud Platform offers possibilities to manage the authorization of users authenticated by an identity provider (IdP). Authorization is based on a role-based authorizations concept. This role-based authorizations allows administrators to easily manage user access, permissions for services on the platform, and for applications deployed on the platform.

For the platform and its services, authorizations are managed in terms of administrative roles, while for applications deployed on the platform, one has the possibility to choose the application authorization model you want. That means, you define the roles of the application users and the associated permissions needed for those roles. You can then group collections of roles that allow the definition of business-level functions.

The solution diagram above illustrates a basic architectural pattern implementing user authorizations in the SAP Cloud Platform. 

Download the blueprint

Bill of Material - SAP Cloud Platform components for licensing considerations

Note that the following Bill of Material is for reference purposes only. The following table is only an example of the SAP Cloud Platform services and components required for this use case. Please consult your SAP Account Executive regarding your specific licensing needs.  Calculations below are based on 100 users.

SAP Cloud Platform services


Licensing metrics



SAP Cloud Platform Identity Authentication


Simplify and secure cloud access from anywhere, on any device. Logons in blocks of  100

3,000 logons

Customers can use the SAP Cloud Platform pricing estimator to calculate the required investment for a particular project. Scale up or down on services as required.

Members and partners of SAP PartnerEdge* can evaluate the development of an application for this use case – most development licensing is covered by the packs offered by the SAP partner licensing services. Click here for details.

*excluding open ecosystem basic.