CX Works

CX Works brings the most relevant leading practices to you.
It is a single portal of curated, field-tested and SAP-verified expertise for SAP Customer Experience solutions

Access Control Management - Global and Local Administrators

4 min read

Global and Local Administrators Concept and Use.

Table of Contents

Local Administrators, Concept and Usage

When you, as a global customer, are planning to roll out SAP Sales Cloud and SAP Service Cloud solution in a phased approach into different regions all over the globe, it makes sense to evaluate the use of local and global administrators of your solution.

The rollout activities, including the related key user activities, are typically managed by a team of central key users located in the company headquarters.

An important part of the regional rollout is to train the local key users. These local key users are responsible to act as an immediate contact for the local users as well as to maintain local employees and users.

With the concept of the local administrator, it is possible to centrally define roles which can be assigned by local administrators to the users they are responsible for. In addition, local administrators can get access rights to create and maintain only the employees and users they are responsible for.

Set up Roles for Local Administrators

In the steps described below, we cover the roles a local administrator can set up and use when activating a local user.

When global administrators create a role, they can flag the role as a local role. This role can then be used by local administrators to assign to their users.

Global administrators can also assign the local administrator as a responsible user for a global role. This role will then also be available for the local administrator.

In the screenshot below, you can see how the roles that are enabled for the local administrators are being presented in the role assignment for a user. The local administrators will only be able to assign to those dedicated roles.

Typically, the local roles include access restrictions based on restriction rules.

In the example below, you will see how to set up local administrators by assigning them to the relevant work center with the appropriate access restrictions. 

Use Case Scenario 

Example: Set up a local administrator.

Adam Lokal is a local administrator in the Northern Region of the BFT Company. His task is to maintain employees and users in his regional area.

In order to fulfill these tasks, Adam's assigned role only covers the Employee and Business User Work Center Views of the Administrator work center. 

In contrast to a global administrator, he does not have the general settings of the administration work center assigned.

Adam's user role is set up with a restriction rule to ensure that he can only access and maintain employees and users of his regional branch. Adam can only access the users of the functional units (organizational units) that he is assigned to.

By using this restriction rule, it is possible to use the same role for local administrators in other regional branches.

With the above setup, Adam only has access to employees and users who are assigned to his organizational unit and those underneath.

Please note, that in the list of his employees and users, “Mike Summers” is showing up as the second to last entry in the below image, even though Mike has no assignment to Adam’s organizational unit. The reason is that Mike Summers has no organizational assignment at all. Therefore, the system is unable to determine an access restriction for that employee. In this case, the system shows that employee without any restriction.


This article introduced you to the benefits of using local and global administrators. You can now take advantage of this functionality for your next rollout.