Hello Diana,
There is no switch between roles like you mentioned. Whatever the authorizations are given to users they can use those authorizations whenever they want. They donot need anything like switch etc.
SAP Authorization concept is not so. SAP authorizations rely on "Authorization Objects and their field values". Roles are only groups of authorization objects. They make the authorization concept simpler and maintenance easier. They are just for appearence.
SAP looks at whole authorizations.
Here is a script from training book.
"
When a user logs on to a client of an SAP system, his or her authorizations are loaded in the user context. The user context is in the user buffer (in the main memory, query using transaction SU56) of the application server.
When the user calls a transaction, the system checks whether the user has an authorization in the user context that allows him or her to call the selected transaction.
...
All authorizations are permissions. There are no authorizations for prohibiting. Everything that is not explicitly allowed is forbidden. You could describe this as a “positive authorization concept”.
"
So users can use all authorizations whenever they wants.
You can only restrict the usage of roles' transactions by unassigning the role from them.
Regards,
Yuksel AKCINAR